* Create a common usage function that'd take the array of long options and an array of descriptions and output that so things would be standardized across the utils. Usage strings should be normalized and split first. Investigate optparse. /etc/default/useradd * GROUP=1000 should accept a group name. Check when RLOGIN is enabled if ruserok() exists Move selinux_file_context out of libmisc/copydir.c Review hardcoded root account? review all call to strto libmisc/cleanup_user.c cleanup needed (cleanup_report_add_user* not used) libxcrypt support * http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch implement getlong, getulong. avoid atoi, atol, atoul, strtol, strtoul, ... manpages: comment the RLOGIN parts Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by comma_to_list() Revert the modified files if all files could not be changed. * or warn and indicate which files were modified and which were not. * check the order the files are modified. report nscd_flush_cache failures? call nscd from the programs or from lib (commonio?) PAM: check if a non-interactive conversation function could be used to set the password in chpasswd and newusers WITH_SELINUX - review all tools to check that the strategies are consistent chage, chfn, chsh: same change needed as in passwd. - probably need moving check_selinux_access to a separate file. testsuite - newgrp - test with unknown user's GID newusers - add logging to SYSLOG & AUDIT - use CREATE_HOME - Add a -Z option (see useradd / usermod) Document when/where option appeared, document whether an option is standard or not. Check all the expiry semantics ALL: - move base passwd/shadow/group/gshadow operation to module for allow write different backend modules for db, NIS, LDAP and others. Default backend it will be goot if will be chosen depending on /etc/nsswitch.conf and allow override this by -r options (where the can be file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column). passwd have old piece of code with handling -r option and it will be good finish this and propagate on other shadow tools for allow operate on other user databases by well known tools. - Protect against signals. Register do_cleanups in a signal handler. - login.defs - generate depending on configuration - useradd: - add handle create user mail spool in maildir format. - Add support for -k in -D mode - Add support for -K in -D mode - Add option to create or not the mail spool (and set the default in -D mode) - Change -l to reset the entry if an entry was already there - set the mask in mkdir? - userdel: - add backup option for the removal of user resources, - user_busy: check that the user is not running any processes. - missing "deleting group" FAILED - home dir removed, but userdel may fail and may leave the user => warning needed - usermod - add an option equivalent to useradd's -l (only when uid is changed) - the mode of new home directories should be set according to the original mode. Does copy_tree does this? - user renamed, order is not kept in /etc/group (see 47_usermod-l_no_shadow_file). This is a problem when the first user is considered as the admin. - see mail "user ID change" on April, 15 + fix call to chown (combination of -m and -u/-g) + add tests - passwd: - check combination of options (e.g. -u/-l) - when -u refuse to unlock because it would create an empty password, it should not display "Password changed." exit instead? - newgrp: check the USE_PAM section. - pwck - Add check to move passwd passwords to shadow if there is a shadow entry (with a password). - Add check to move passwd passwords to shadow if there is a shadow file. - Support an alternative /etc/tcb directory as second parameter. - add options -g / -G to specify alternative group / gshadow files - su - add a login.defs configuration parameter to add variables to keep in the environment with "su -l" (TERM/TERMCOLOR/...) - vipw - set ACLs and XATTRs on the temporary file (and backups?) - vipw + selinux -> use lib/selinux.c