summaryrefslogtreecommitdiffstats
path: root/TODO
blob: 8783ccd130f3bd294bbaa2e492efaa7a768c94b3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
 * Create a common usage function that'd take the array of
   long options and an array of descriptions and output that so things would
   be standardized across the utils.
   Usage strings should be normalized and split first.
   Investigate optparse.


/etc/default/useradd
 * GROUP=1000 should accept a group name.

Check when RLOGIN is enabled if ruserok() exists

Move selinux_file_context out of libmisc/copydir.c

Review hardcoded root account?

review all call to strto

libmisc/cleanup_user.c
	cleanup needed (cleanup_report_add_user* not used)


libxcrypt support
 * http://wiki.linuxfromscratch.org/patches/browser/trunk/shadow/shadow-4.0.18.1-owl_blowfish-1.patch

implement getlong, getulong.
	avoid atoi, atol, atoul, strtol, strtoul, ...

manpages: comment the RLOGIN parts

Replace build_list (in lib/gshadow.c) and list (in lib/sgetgrent.c) by
comma_to_list()

Revert the modified files if all files could not be changed.
  * or warn and indicate which files were modified and which were not.
  * check the order the files are modified.

report nscd_flush_cache failures?
call nscd from the programs or from lib (commonio?)

PAM: check if a non-interactive conversation function could be used to set
the password in chpasswd and newusers

WITH_SELINUX
  - review all tools to check that the strategies are consistent

chage, chfn, chsh: same change needed as in passwd.
  - probably need moving check_selinux_access to a separate file.

testsuite
 - newgrp
   - test with unknown user's GID

newusers
 - add logging to SYSLOG & AUDIT
 - use CREATE_HOME
 - Add a -Z option (see useradd / usermod)

Document when/where option appeared, document whether an option is standard
or not.

Check all the expiry semantics

ALL:
- move base passwd/shadow/group/gshadow operation to module for allow write
  different backend modules for db, NIS, LDAP and others. Default backend it
  will be goot if will be chosen depending on /etc/nsswitch.conf and allow
  override this by -r <repository> options (where the <repository> can be
  file, db, nis nisplus, ldap .. like on /etc/nsswitch.conf in service column).
  passwd have old piece of code with handling -r option and it will be good
  finish this and propagate on other shadow tools for allow operate on other
  user databases by well known tools.
- Protect against signals. Register do_cleanups in a signal handler.

- login.defs
  - generate depending on configuration

- useradd:
  - add handle create user mail spool in maildir format.
  - Add support for -k in -D mode
  - Add support for -K in -D mode
  - Add option to create or not the mail spool (and set the default in -D
    mode)
  - Change -l to reset the entry if an entry was already there
  - set the mask in mkdir?

- userdel:
  - add backup option for the removal of user resources,
  - user_busy: check that the user is not running any processes.
  - missing "deleting group" FAILED
  - home dir removed, but userdel may fail and may leave the user
    => warning needed

- usermod
  - add an option equivalent to useradd's -l (only when uid is changed)
  - the mode of new home directories should be set according to the
    original mode. Does copy_tree does this?
  - user renamed, order is not kept in /etc/group (see
    47_usermod-l_no_shadow_file). This is a problem when the first user is
    considered as the admin.
  - see mail "user ID change" on  April, 15
    + fix call to chown (combination of -m and -u/-g)
    + add tests

- passwd:
  - check combination of options (e.g. -u/-l)
  - when -u refuse to unlock because it would create an empty password, it
    should not display "Password changed."
    exit instead?

- newgrp: check the USE_PAM section.

- pwck
  - Add check to move passwd passwords to shadow if there is a shadow
    entry (with a password).
  - Add check to move passwd passwords to shadow if there is a shadow
    file.
  - Support an alternative /etc/tcb directory as second parameter.
  - add options -g / -G to specify alternative group / gshadow files

- su
  - add a login.defs configuration parameter to add variables to keep in
    the environment with "su -l" (TERM/TERMCOLOR/...)

- vipw
  - set ACLs and XATTRs on the temporary file (and backups?)
  - vipw + selinux -> use lib/selinux.c