configure.ac: get ready to release 4.9

Signed-off-by: Serge Hallyn <serge@hallyn.com>

.travis.yml

@@ -1,20 +1,52 @@
+dist: bionic
 sudo: false
 
 language: c
 
 compiler:
-  - gcc
-  - clang
+ - gcc
+ - clang
 
-addons:
-  apt:
-    packages:
-      - autopoint
-      - xsltproc
+arch:
+ - amd64
+ - arm64
+ - ppc64le
+ - s390x
 
+before_install:
+  - sudo apt-get update -qq
+  - sudo apt-get -y install -qq automake autopoint xsltproc libselinux1-dev gettext expect
+  - sudo apt-get -y install -qq byacc libtool
 script:
  - ./autogen.sh --without-selinux --disable-man
  - grep ENABLE_ config.status
  - make
 
+env:
+  global:
+   - secure: "G47VYFrtzqalrVjixTqBG9Qsa8EZRcaqsh1k6fq5JgEyHmMQActpvTUDs9FXf1MEqiY5XX3VDVfBsZgKPHgmHsMzD1bX11xpnpGByB8g7gr8I3u2ZkCREqgi77a5l3LeBh+seWiambe/DYOgvPCNa6pCynLgR9advqtgKhpCruU="
+
+addons:
+  coverity_scan:
+
+    project:
+      name: "shadow-maint/shadow"
+      description: "Upstream shadow utils tree"
+
+    notification_email: christian.brauner@ubuntu.com,serge@hallyn.com
+
+    build_command_prepend: "./autogen.sh --without-selinux --disable-man"
+    build_command: "make -j4"
+    branch_pattern: master
+
+script:
+ - cat /proc/self/uid_map
+ - cat /proc/self/status
+ - systemd-detect-virt
+ - ./autogen.sh --without-selinux --disable-man
+ - grep ENABLE_ config.status
+ - make
+ - sudo make install
+ - (cd tests; sudo ./run_some; cat testsuite.log)
+
 # vim:et:ts=2:sw=2

ChangeLog

@@ -1,3 +1,26 @@
+2021-07-22  Serge Hallyn <serge@hallyn.com>
+
+	* Updated translations (Björn Esser, Juergen Hoetzel)
+	* Major salt updates (Björn Esser)
+	* Various coverity and cleanup fixes (Iker Pedrosa)
+	* Consistently use 0 to disable PASS_MIN_DAYS  in man (tzccinct)
+	* Implement NSS support for subids and a libsubid (Serge Hallyn)
+	* setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
+	* login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
+	* selinux fixes (Christian Göttsche)
+	* Fix path prefix path handling (Lucas Servén Marín)
+	* Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
+		谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
+	* Treat an empty passwd field as invalid (Haelwenn Monnier)
+	* newxidmap: allow running under alternative gid (Martijn de Gouw)
+	* usermod: check that  shell is executable (Geert Ijewski)
+	* Add yescript support (Rodolphe Bréard)
+	* useradd memleak fixes (whzhe)
+	* useradd: use built-in settings by default (Ludwig Nussel)
+	* getdefs: add foreign (non-shadow-utils) items (Karel Zak)
+	* buffer overflow fixes (Tobias Stoeckmann)
+	* Adding run-parts style for pre and post useradd/del (ed@s5h.net)
+
 2020-01-23  Serge Hallyn <serge@hallyn.com>
 
 	* selinux: inclue stdio (Michael Vetter)

Makefile.am

@@ -2,5 +2,14 @@
 
 EXTRA_DIST = NEWS README TODO shadow.spec.in
 
-SUBDIRS = po man libmisc lib src \
-	contrib doc etc
+SUBDIRS = libmisc lib 
+
+if ENABLE_SUBIDS
+SUBDIRS += libsubid
+endif
+
+SUBDIRS += src po contrib doc etc
+
+if ENABLE_REGENERATE_MAN
+SUBDIRS += man
+endif

README

@@ -59,6 +59,7 @@ Dave Hagewood <admin@arrowweb.com>
 David A. Holland <dholland@hcs.harvard.edu>
 David Frey <David.Frey@lugs.ch>
 Ed Carp <ecarp@netcom.com>
+Ed Neville <ed@s5h.net>
 Eric W. Biederman" <ebiederm@xmission.com>
 Floody <flood@evcom.net>
 Frank Denis <j@4u.net>
@@ -69,6 +70,7 @@ Guy Maor <maor@debian.org>
 Hrvoje Dogan <hdogan@bjesomar.srce.hr>
 Jakub Hrozek <jhrozek@redhat.com>
 Janos Farkas <chexum@bankinf.banki.hu>
+Jason Franklin <jason.franklin@quoininc.com>
 Jay Soffian <jay@lw.net>
 Jesse Thilo <Jesse.Thilo@pobox.com>
 Joey Hess <joey@kite.ml.org>

autogen.sh

@@ -6,7 +6,7 @@ autoreconf -v -f --install || exit 1
 	CFLAGS="-O2 -Wall" \
 	--enable-man \
 	--enable-maintainer-mode \
-	--disable-shared \
+	--enable-shared \
 	--without-libpam \
 	--with-selinux \
 	"$@"

configure.ac

@@ -1,19 +1,29 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_PREREQ([2.64])
-AC_INIT([shadow], [4.8.1], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_PREREQ([2.69])
+m4_define([libsubid_abi_major], 3)
+m4_define([libsubid_abi_minor], 0)
+m4_define([libsubid_abi_micro], 0)
+m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
+AC_INIT([shadow], [4.9], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
+AC_CONFIG_MACRO_DIRS([m4])
 AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([config.h])
 
+AC_SUBST([LIBSUBID_ABI_MAJOR], [libsubid_abi_major])
+AC_SUBST([LIBSUBID_ABI_MINOR], [libsubid_abi_minor])
+AC_SUBST([LIBSUBID_ABI_MICRO], [libsubid_abi_micro])
+AC_SUBST([LIBSUBID_ABI], [libsubid_abi])
+
 dnl Some hacks...
 test "$prefix" = "NONE" && prefix="/usr"
 test "$prefix" = "/usr" && exec_prefix=""
 
 AC_GNU_SOURCE
 
-AM_DISABLE_SHARED
 AM_ENABLE_STATIC
+AM_ENABLE_SHARED
 
 AM_MAINTAINER_MODE
 
@@ -32,20 +42,21 @@ AC_HEADER_STDC
 AC_HEADER_SYS_WAIT
 AC_HEADER_STDBOOL
 
-AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
+AC_CHECK_HEADERS(crypt.h errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
 	utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
-	utime.h ulimit.h sys/capability.h sys/resource.h gshadow.h lastlog.h \
-	locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
-	attr/error_context.h)
+	utime.h ulimit.h sys/capability.h sys/random.h sys/resource.h \
+	gshadow.h lastlog.h locale.h rpc/key_prot.h netdb.h acl/libacl.h \
+	attr/libattr.h attr/error_context.h)
 
 dnl shadow now uses the libc's shadow implementation
 AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
 
-AC_CHECK_FUNCS(l64a fchmod fchown fsync futimes getgroups gethostname getspnam \
-	gettimeofday getusershell getutent initgroups lchown lckpwdf lstat \
-	lutimes memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
-	getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo \
-	ruserok)
+AC_CHECK_FUNCS(arc4random_buf l64a fchmod fchown fsync futimes getgroups \
+	gethostname getentropy getrandom getspnam gettimeofday getusershell \
+	getutent initgroups lchown lckpwdf lstat lutimes memcpy memset \
+	setgroups sigaction strchr updwtmp updwtmpx innetgr getpwnam_r \
+	getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo ruserok \
+	dlopen)
 AC_SYS_LARGEFILE
 
 dnl Checks for typedefs, structures, and compiler characteristics.
@@ -280,6 +291,9 @@ AC_ARG_WITH(sha-crypt,
 AC_ARG_WITH(bcrypt,
 	[AC_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
 	[with_bcrypt=$withval], [with_bcrypt=no])
+AC_ARG_WITH(yescrypt,
+	[AC_HELP_STRING([--with-yescrypt], [allow the yescrypt password encryption algorithm @<:@default=no@:>@])],
+	[with_yescrypt=$withval], [with_yescrypt=no])
 AC_ARG_WITH(nscd,
 	[AC_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
 	[with_nscd=$withval], [with_nscd=yes])
@@ -312,6 +326,11 @@ if test "$with_bcrypt" = "yes"; then
 	AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
 fi
 
+AM_CONDITIONAL(USE_YESCRYPT, test "x$with_yescrypt" = "xyes")
+if test "$with_yescrypt" = "yes"; then
+	AC_DEFINE(USE_YESCRYPT, 1, [Define to allow the yescrypt password encryption algorithm])
+fi
+
 if test "$with_nscd" = "yes"; then
 	AC_CHECK_FUNC(posix_spawn,
 	              [AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
@@ -392,6 +411,10 @@ AC_SUBST(LIBCRYPT)
 AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
 	[AC_MSG_ERROR([crypt() not found])])
 
+AC_SUBST(LIYESCRYPT)
+AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
+	[AC_MSG_ERROR([crypt() not found])])
+
 AC_SUBST(LIBACL)
 if test "$with_acl" != "no"; then
 	AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
@@ -715,6 +738,7 @@ AC_CONFIG_FILES([
 	man/zh_TW/Makefile
 	libmisc/Makefile
 	lib/Makefile
+	libsubid/Makefile
 	src/Makefile
 	contrib/Makefile
 	etc/Makefile
@@ -741,6 +765,7 @@ echo "	shadow group support:		$enable_shadowgrp"
 echo "	S/Key support:			$with_skey"
 echo "	SHA passwords encryption:	$with_sha_crypt"
 echo "	bcrypt passwords encryption:	$with_bcrypt"
+echo "	yescrypt passwords encryption:	$with_yescrypt"
 echo "	nscd support:			$with_nscd"
 echo "	sssd support:			$with_sssd"
 echo "	subordinate IDs support:	$enable_subids"

etc/Makefile.am

@@ -4,8 +4,7 @@
 sysconf_DATA = login.defs
 
 defaultdir = $(sysconfdir)/default
-default_DATA = \
-	useradd
+default_DATA =
 
 nonpam_files = \
 	limits \

etc/login.defs

@@ -295,7 +295,7 @@ CHFN_AUTH		yes
 # any combination of letters "frwh" (full name, room number, work
 # phone, home phone).  If not defined, no changes are allowed.
 # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-# 
+#
 CHFN_RESTRICT		rwh
 
 #
@@ -326,7 +326,9 @@ CHFN_RESTRICT		rwh
 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
 # If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
 # If set to DES, DES-based algorithm will be used for encrypting password (default)
+# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
 # Overrides the MD5_CRYPT_ENAB option
 #
 # Note: If you use PAM, it is recommended to use a value consistent with
@@ -342,7 +344,8 @@ CHFN_RESTRICT		rwh
 # However, more CPU resources will be needed to authenticate users if
 # this value is increased.
 #
-# If not specified, the libc will choose the default number of rounds (5000).
+# If not specified, the libc will choose the default number of rounds (5000),
+# which is orders of magnitude too low for modern hardware.
 # The values must be within the 1000-999999999 range.
 # If only one of the MIN or MAX values is set, then this value will be used.
 # If MIN > MAX, the highest value will be used.
@@ -365,6 +368,19 @@ CHFN_RESTRICT		rwh
 #BCRYPT_MIN_ROUNDS 13
 #BCRYPT_MAX_ROUNDS 13
 
+#
+# Only works if ENCRYPT_METHOD is set to YESCRYPT.
+#
+# Define the YESCRYPT cost factor.
+# With a higher cost factor, it is more difficult to brute-force the password.
+# However, more CPU time and more memory will be needed to authenticate users
+# if this value is increased.
+#
+# If not specified, a cost factor of 5 will be used.
+# The value must be within the 1-11 range.
+#
+#YESCRYPT_COST_FACTOR 5
+
 #
 # List of groups to add to the user's supplementary group set
 # when logging in from the console (as determined by the CONSOLE
@@ -382,6 +398,14 @@ CHFN_RESTRICT		rwh
 #
 DEFAULT_HOME	yes
 
+#
+# The pwck(8) utility emits a warning for any system account with a home
+# directory that does not exist.  Some system accounts intentionally do
+# not have a home directory.  Such accounts may have this string as
+# their home directory in /etc/passwd to avoid a spurious warning.
+#
+NONEXISTENT	/nonexistent
+
 #
 # If this file exists and is readable, login environment will be
 # read from it.  Every line should be in the form name=value.
@@ -428,3 +452,28 @@ USERGROUPS_ENAB yes
 # missing.
 #
 #FORCE_SHADOW    yes
+
+#
+# Allow newuidmap and newgidmap when running under an alternative
+# primary group.
+#
+#GRANT_AUX_GROUP_SUBIDS yes
+
+#
+# Prevents an empty password field to be interpreted as "no authentication
+# required".
+# Set to "yes" to prevent for all accounts
+# Set to "superuser" to prevent for UID 0 / root (default)
+# Set to "no" to not prevent for any account (dangerous, historical default)
+
+PREVENT_NO_AUTH superuser
+
+#
+# Select the HMAC cryptography algorithm.
+# Used in pam_timestamp module to calculate the keyed-hash message
+# authentication code.
+#
+# Note: It is recommended to check hmac(3) to see the possible algorithms
+# that are available in your system.
+#
+#HMAC_CRYPTO_ALGO SHA512

etc/useradd

@@ -1,8 +0,0 @@
-# useradd defaults file
-GROUP=1000
-HOME=/home
-INACTIVE=-1
-EXPIRE=
-SHELL=/bin/bash
-SKEL=/etc/skel
-CREATE_MAIL_SPOOL=yes

lib/Makefile.am

@@ -5,7 +5,6 @@ DEFS =
 
 noinst_LTLIBRARIES = libshadow.la
 
-libshadow_la_LDFLAGS = -version-info 0:0:0
 libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS)
 if HAVE_VENDORDIR
 libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
@@ -32,6 +31,7 @@ libshadow_la_SOURCES = \
 	groupio.h \
 	gshadow.c \
 	lockpw.c \
+	nss.c \
 	nscd.c \
 	nscd.h \
 	sssd.c \
@@ -45,6 +45,8 @@ libshadow_la_SOURCES = \
 	pwio.c \
 	pwio.h \
 	pwmem.c \
+	run_part.h \
+	run_part.c \
 	subordinateio.h \
 	subordinateio.c \
 	selinux.c \

lib/commonio.c

@@ -144,7 +144,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600);
 	if (-1 == fd) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: %s\n",
 			                Prog, file, strerror (errno));
 		}
@@ -156,8 +156,18 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	len = (ssize_t) strlen (buf) + 1;
 	if (write (fd, buf, (size_t) len) != len) {
 		if (log) {
-			(void) fprintf (stderr,
-			                "%s: %s: %s\n",
+			(void) fprintf (shadow_logfd,
+			                "%s: %s file write error: %s\n",
+			                Prog, file, strerror (errno));
+		}
+		(void) close (fd);
+		unlink (file);
+		return 0;
+	}
+	if (fdatasync (fd) == -1) {
+		if (log) {
+			(void) fprintf (shadow_logfd,
+			                "%s: %s file sync error: %s\n",
 			                Prog, file, strerror (errno));
 		}
 		(void) close (fd);
@@ -169,7 +179,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	if (link (file, lock) == 0) {
 		retval = check_link_count (file);
 		if ((0==retval) && log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: lock file already used\n",
 			                Prog, file);
 		}
@@ -180,7 +190,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	fd = open (lock, O_RDWR);
 	if (-1 == fd) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: %s\n",
 			                Prog, lock, strerror (errno));
 		}
@@ -192,7 +202,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	close (fd);
 	if (len <= 0) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: existing lock file %s without a PID\n",
 			                Prog, lock);
 		}
@@ -203,7 +213,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	buf[len] = '\0';
 	if (get_pid (buf, &pid) == 0) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: existing lock file %s with an invalid PID '%s'\n",
 			                Prog, lock, buf);
 		}
@@ -213,7 +223,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	}
 	if (kill (pid, 0) == 0) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: lock %s already used by PID %lu\n",
 			                Prog, lock, (unsigned long) pid);
 		}
@@ -223,7 +233,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	}
 	if (unlink (lock) != 0) {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: cannot get lock %s: %s\n",
 			                Prog, lock, strerror (errno));
 		}
@@ -235,13 +245,13 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	if (link (file, lock) == 0) {
 		retval = check_link_count (file);
 		if ((0==retval) && log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: %s: lock file already used\n",
 			                Prog, file);
 		}
 	} else {
 		if (log) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                "%s: cannot get lock %s: %s\n",
 			                Prog, lock, strerror (errno));
 		}
@@ -326,8 +336,12 @@ static int create_backup (const char *backup, FILE * fp)
 		/* FIXME: unlink the backup file? */
 		return -1;
 	}
-	if (   (fsync (fileno (bkfp)) != 0)
-	    || (fclose (bkfp) != 0)) {
+	if (fsync (fileno (bkfp)) != 0) {
+		(void) fclose (bkfp);
+		/* FIXME: unlink the backup file? */
+		return -1;
+	}
+	if (fclose (bkfp) != 0) {
 		/* FIXME: unlink the backup file? */
 		return -1;
 	}
@@ -432,7 +446,7 @@ int commonio_lock (struct commonio_db *db)
 		if (0 == lock_count) {
 			if (lckpwdf () == -1) {
 				if (geteuid () != 0) {
-					(void) fprintf (stderr,
+					(void) fprintf (shadow_logfd,
 					                "%s: Permission denied.\n",
 					                Prog);
 				}
@@ -468,7 +482,7 @@ int commonio_lock (struct commonio_db *db)
 		}
 		/* no unnecessary retries on "permission denied" errors */
 		if (geteuid () != 0) {
-			(void) fprintf (stderr, "%s: Permission denied.\n",
+			(void) fprintf (shadow_logfd, "%s: Permission denied.\n",
 			                Prog);
 			return 0;
 		}
@@ -964,7 +978,7 @@ int commonio_close (struct commonio_db *db)
 		snprintf (buf, sizeof buf, "%s-", db->filename);
 
 #ifdef WITH_SELINUX
-		if (set_selinux_file_context (buf) != 0) {
+		if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
 			errors++;
 		}
 #endif
@@ -997,7 +1011,7 @@ int commonio_close (struct commonio_db *db)
 	snprintf (buf, sizeof buf, "%s+", db->filename);
 
 #ifdef WITH_SELINUX
-	if (set_selinux_file_context (buf) != 0) {
+	if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
 		errors++;
 	}
 #endif
@@ -1099,7 +1113,7 @@ int commonio_update (struct commonio_db *db, const void *eptr)
 	p = find_entry_by_name (db, db->ops->getname (eptr));
 	if (NULL != p) {
 		if (next_entry_by_name (db, p->next, db->ops->getname (eptr)) != NULL) {
-			fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
+			fprintf (shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
 			db->ops->free (nentry);
 			return 0;
 		}
@@ -1204,7 +1218,7 @@ int commonio_remove (struct commonio_db *db, const char *name)
 		return 0;
 	}
 	if (next_entry_by_name (db, p->next, name) != NULL) {
-		fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename);
+		fprintf (shadow_logfd, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), name, db->filename);
 		return 0;
 	}
 

lib/commonio.h

@@ -34,10 +34,6 @@
 #ifndef COMMONIO_H
 #define COMMONIO_H
 
-#ifdef WITH_SELINUX
-#include <selinux/selinux.h>
-#endif
-
 #include "defines.h" /* bool */
 
 /*
@@ -121,7 +117,7 @@ struct commonio_db {
 	/*@dependent@*/ /*@null@*/FILE *fp;
 
 #ifdef WITH_SELINUX
-	/*@null@*/security_context_t scontext;
+	/*@null@*/char *scontext;
 #endif
 	/*
 	 * Default permissions and owner for newly created data file.

lib/defines.h

@@ -4,6 +4,8 @@
 #ifndef _DEFINES_H_
 #define _DEFINES_H_
 
+#include "config.h"
+
 #if HAVE_STDBOOL_H
 # include <stdbool.h>
 #else
@@ -94,6 +96,14 @@ char *strchr (), *strrchr (), *strtok ();
 # include <unistd.h>
 #endif
 
+/*
+ * crypt(3), crypt_gensalt(3), and their
+ * feature test macros may be defined in here.
+ */
+#if HAVE_CRYPT_H
+# include <crypt.h>
+#endif
+
 #if TIME_WITH_SYS_TIME
 # include <sys/time.h>
 # include <time.h>

lib/encrypt.c

@@ -74,6 +74,9 @@
 			case '6':
 				method = "SHA512";
 				break;
+			case 'y':
+				method = "YESCRYPT";
+				break;
 			default:
 			{
 				static char nummethod[4] = "$x$";
@@ -81,7 +84,7 @@
 				method = &nummethod[0];
 			}
 		}
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 		                _("crypt method not supported by libcrypt? (%s)\n"),
 		                method);
 		exit (EXIT_FAILURE);

lib/getdef.c

@@ -61,6 +61,7 @@ struct itemdef {
 	{"ENV_TZ", NULL},			\
 	{"FAILLOG_ENAB", NULL},			\
 	{"FTMP_FILE", NULL},			\
+	{"HMAC_CRYPTO_ALGO", NULL},		\
 	{"ISSUE_FILE", NULL},			\
 	{"LASTLOG_ENAB", NULL},			\
 	{"LOGIN_STRING", NULL},			\
@@ -77,6 +78,16 @@ struct itemdef {
 	{"SU_WHEEL_ONLY", NULL},		\
 	{"ULIMIT", NULL},
 
+/*
+ * Items used in other tools (util-linux, etc.)
+ */
+#define FOREIGNDEFS				\
+	{"ALWAYS_SET_PATH", NULL},		\
+	{"ENV_ROOTPATH", NULL},			\
+	{"LOGIN_KEEP_USERNAME", NULL},		\
+	{"LOGIN_PLAIN_PROMPT", NULL},		\
+	{"MOTD_FIRSTONLY", NULL},		\
+
 
 #define NUMDEFS	(sizeof(def_table)/sizeof(def_table[0]))
 static struct itemdef def_table[] = {
@@ -105,6 +116,7 @@ static struct itemdef def_table[] = {
 	{"MAIL_FILE", NULL},
 	{"MAX_MEMBERS_PER_GROUP", NULL},
 	{"MD5_CRYPT_ENAB", NULL},
+	{"NONEXISTENT", NULL},
 	{"PASS_MAX_DAYS", NULL},
 	{"PASS_MIN_DAYS", NULL},
 	{"PASS_WARN_AGE", NULL},
@@ -115,6 +127,9 @@ static struct itemdef def_table[] = {
 #ifdef USE_BCRYPT
 	{"BCRYPT_MAX_ROUNDS", NULL},
 	{"BCRYPT_MIN_ROUNDS", NULL},
+#endif
+#ifdef USE_YESCRYPT
+	{"YESCRYPT_COST_FACTOR", NULL},
 #endif
 	{"SUB_GID_COUNT", NULL},
 	{"SUB_GID_MAX", NULL},
@@ -149,6 +164,8 @@ static struct itemdef def_table[] = {
 	{"USE_TCB", NULL},
 #endif
 	{"FORCE_SHADOW", NULL},
+	{"GRANT_AUX_GROUP_SUBIDS", NULL},
+	{"PREVENT_NO_AUTH", NULL},
 	{NULL, NULL}
 };
 
@@ -157,6 +174,7 @@ static struct itemdef knowndef_table[] = {
 #ifdef USE_PAM
 	PAMDEFS
 #endif
+	FOREIGNDEFS
 	{NULL, NULL}
 };
 
@@ -249,7 +267,7 @@ int getdef_num (const char *item, int dflt)
 	if (   (getlong (d->value, &val) == 0)
 	    || (val > INT_MAX)
 	    || (val < INT_MIN)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
@@ -284,7 +302,7 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
 	if (   (getlong (d->value, &val) == 0)
 	    || (val < 0)
 	    || (val > INT_MAX)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
@@ -317,7 +335,7 @@ long getdef_long (const char *item, long dflt)
 	}
 
 	if (getlong (d->value, &val) == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
@@ -350,7 +368,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
 
 	if (getulong (d->value, &val) == 0) {
 		/* FIXME: we should have a getulong */
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
 		return dflt;
@@ -388,7 +406,7 @@ int putdef_str (const char *name, const char *value)
 	cp = strdup (value);
 	if (NULL == cp) {
 		(void) fputs (_("Could not allocate space for config info.\n"),
-		              stderr);
+		              shadow_logfd);
 		SYSLOG ((LOG_ERR, "could not allocate space for config info"));
 		return -1;
 	}
@@ -413,7 +431,6 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
 {
 	struct itemdef *ptr;
 
-
 	/*
 	 * Search into the table.
 	 */
@@ -433,7 +450,7 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
 			goto out;
 		}
 	}
-	fprintf (stderr,
+	fprintf (shadow_logfd,
 	         _("configuration error - unknown item '%s' (notify administrator)\n"),
 	         name);
 	SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));

lib/groupmem.c

@@ -87,6 +87,18 @@
 	return gr;
 }
 
+void gr_free_members (struct group *grent)
+{
+	if (NULL != grent->gr_mem) {
+		size_t i;
+		for (i = 0; NULL != grent->gr_mem[i]; i++) {
+			free (grent->gr_mem[i]);
+		}
+		free (grent->gr_mem);
+		grent->gr_mem = NULL;
+	}
+}
+
 void gr_free (/*@out@*/ /*@only@*/struct group *grent)
 {
 	free (grent->gr_name);
@@ -94,13 +106,36 @@ void gr_free (/*@out@*/ /*@only@*/struct group *grent)
 		memzero (grent->gr_passwd, strlen (grent->gr_passwd));
 		free (grent->gr_passwd);
 	}
-	if (NULL != grent->gr_mem) {
-		size_t i;
-		for (i = 0; NULL != grent->gr_mem[i]; i++) {
-			free (grent->gr_mem[i]);
-		}
-		free (grent->gr_mem);
-	}
+	gr_free_members(grent);
 	free (grent);
 }
 
+bool gr_append_member(struct group *grp, char *member)
+{
+	int i;
+
+	if (NULL == grp->gr_mem || grp->gr_mem[0] == NULL) {
+		grp->gr_mem = (char **)malloc(2 * sizeof(char *));
+		if (!grp->gr_mem) {
+			return false;
+		}
+		grp->gr_mem[0] = strdup(member);
+		if (!grp->gr_mem[0]) {
+			return false;
+		}
+		grp->gr_mem[1] = NULL;
+		return true;
+	}
+
+	for (i = 0; grp->gr_mem[i]; i++) ;
+	grp->gr_mem = realloc(grp->gr_mem, (i + 2) * sizeof(char *));
+	if (NULL == grp->gr_mem) {
+		return false;
+	}
+	grp->gr_mem[i] = strdup(member);
+	if (NULL == grp->gr_mem[i]) {
+		return false;
+	}
+	grp->gr_mem[i + 1] = NULL;
+	return true;
+}

lib/nscd.c

@@ -25,13 +25,13 @@ int nscd_flush_cache (const char *service)
 
 	if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) {
 		/* run_command writes its own more detailed message. */
-		(void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+		(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
 		return -1;
 	}
 
 	code = WEXITSTATUS (status);
 	if (!WIFEXITED (status)) {
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 		                _("%s: nscd did not terminate normally (signal %d)\n"),
 		                Prog, WTERMSIG (status));
 		return -1;
@@ -43,9 +43,9 @@ int nscd_flush_cache (const char *service)
 		/* nscd is installed, but it isn't active. */
 		return 0;
 	} else if (code != 0) {
-		(void) fprintf (stderr, _("%s: nscd exited with status %d\n"),
+		(void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"),
 		                Prog, code);
-		(void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+		(void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
 		return -1;
 	}
 

lib/nss.c

@@ -0,0 +1,149 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <dlfcn.h>
+#include <stdbool.h>
+#include <string.h>
+#include <strings.h>
+#include <ctype.h>
+#include <stdatomic.h>
+#include "prototypes.h"
+#include "../libsubid/subid.h"
+
+#define NSSWITCH "/etc/nsswitch.conf"
+
+// NSS plugin handling for subids
+// If nsswitch has a line like
+//    subid: sssd
+// then sssd will be consulted for subids.  Unlike normal NSS dbs,
+// only one db is supported at a time.  That's open to debate, but
+// the subids are a pretty limited resource, and local files seem
+// bound to step on any other allocations leading to insecure
+// conditions.
+static atomic_flag nss_init_started;
+static atomic_bool nss_init_completed;
+
+static struct subid_nss_ops *subid_nss;
+
+bool nss_is_initialized() {
+	return atomic_load(&nss_init_completed);
+}
+
+void nss_exit() {
+	if (nss_is_initialized() && subid_nss) {
+		dlclose(subid_nss->handle);
+		free(subid_nss);
+		subid_nss = NULL;
+	}
+}
+
+// nsswitch_path is an argument only to support testing.
+void nss_init(char *nsswitch_path) {
+	FILE *nssfp = NULL;
+	char *line = NULL, *p, *token, *saveptr;
+	size_t len = 0;
+
+	if (atomic_flag_test_and_set(&nss_init_started)) {
+		// Another thread has started nss_init, wait for it to complete
+		while (!atomic_load(&nss_init_completed))
+			usleep(100);
+		return;
+	}
+
+	if (!nsswitch_path)
+		nsswitch_path = NSSWITCH;
+
+	// read nsswitch.conf to check for a line like:
+	//   subid:	files
+	nssfp = fopen(nsswitch_path, "r");
+	if (!nssfp) {
+		fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path);
+		atomic_store(&nss_init_completed, true);
+		return;
+	}
+	while ((getline(&line, &len, nssfp)) != -1) {
+		if (line[0] == '\0' || line[0] == '#')
+			continue;
+		if (strlen(line) < 8)
+			continue;
+		if (strncasecmp(line, "subid:", 6) != 0)
+			continue;
+		p = &line[6];
+		while ((*p) && isspace(*p))
+			p++;
+		if (!*p)
+			continue;
+		for (token = strtok_r(p, " \n\t", &saveptr);
+		     token;
+		     token = strtok_r(NULL, " \n\t", &saveptr)) {
+			char libname[65];
+			void *h;
+			if (strcmp(token, "files") == 0) {
+				subid_nss = NULL;
+				goto done;
+			}
+			if (strlen(token) > 50) {
+				fprintf(shadow_logfd, "Subid NSS module name too long (longer than 50 characters): %s\n", token);
+				fprintf(shadow_logfd, "Using files\n");
+				subid_nss = NULL;
+				goto done;
+			}
+			snprintf(libname, 64,  "libsubid_%s.so", token);
+			h = dlopen(libname, RTLD_LAZY);
+			if (!h) {
+				fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());
+				fprintf(shadow_logfd, "Using files\n");
+				subid_nss = NULL;
+				goto done;
+			}
+			subid_nss = malloc(sizeof(*subid_nss));
+			if (!subid_nss) {
+				dlclose(h);
+				goto done;
+			}
+			subid_nss->has_range = dlsym(h, "shadow_subid_has_range");
+			if (!subid_nss->has_range) {
+				fprintf(shadow_logfd, "%s did not provide @has_range@\n", libname);
+				dlclose(h);
+				free(subid_nss);
+				subid_nss = NULL;
+				goto done;
+			}
+			subid_nss->list_owner_ranges = dlsym(h, "shadow_subid_list_owner_ranges");
+			if (!subid_nss->list_owner_ranges) {
+				fprintf(shadow_logfd, "%s did not provide @list_owner_ranges@\n", libname);
+				dlclose(h);
+				free(subid_nss);
+				subid_nss = NULL;
+				goto done;
+			}
+			subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
+			if (!subid_nss->find_subid_owners) {
+				fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
+				dlclose(h);
+				free(subid_nss);
+				subid_nss = NULL;
+				goto done;
+			}
+			subid_nss->handle = h;
+			goto done;
+		}
+		fprintf(shadow_logfd, "No usable subid NSS module found, using files\n");
+		// subid_nss has to be null here, but to ease reviews:
+		free(subid_nss);
+		subid_nss = NULL;
+		goto done;
+	}
+
+done:
+	atomic_store(&nss_init_completed, true);
+	free(line);
+	if (nssfp) {
+		atexit(nss_exit);
+		fclose(nssfp);
+	}
+}
+
+struct subid_nss_ops *get_subid_nss_handle() {
+	nss_init(NULL);
+	return subid_nss;
+}

lib/prototypes.h

@@ -59,7 +59,8 @@
 #include "defines.h"
 #include "commonio.h"
 
-extern /*@observer@*/ const char *Prog;
+extern /*@observer@*/ const char *Prog; /* Program name showed in error messages */
+extern FILE *shadow_logfd;  /* file descripter to which error messages are printed */
 
 /* addgrps.c */
 #if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
@@ -161,12 +162,10 @@ extern int find_new_uid (bool sys_user,
 
 #ifdef ENABLE_SUBIDS
 /* find_new_sub_gids.c */
-extern int find_new_sub_gids (const char *owner,
-			      gid_t *range_start, unsigned long *range_count);
+extern int find_new_sub_gids (gid_t *range_start, unsigned long *range_count);
 
 /* find_new_sub_uids.c */
-extern int find_new_sub_uids (const char *owner,
-			      uid_t *range_start, unsigned long *range_count);
+extern int find_new_sub_uids (uid_t *range_start, unsigned long *range_count);
 #endif				/* ENABLE_SUBIDS */
 
 
@@ -208,7 +207,9 @@ extern void __gr_set_changed (void);
 
 /* groupmem.c */
 extern /*@null@*/ /*@only@*/struct group *__gr_dup (const struct group *grent);
+extern void gr_free_members (struct group *grent);
 extern void gr_free (/*@out@*/ /*@only@*/struct group *grent);
+extern bool gr_append_member (struct group *grp, char *member);
 
 /* hushed.c */
 extern bool hushed (const char *username);
@@ -262,6 +263,62 @@ extern void motd (void);
 /* myname.c */
 extern /*@null@*//*@only@*/struct passwd *get_my_pwent (void);
 
+/* nss.c */
+#include <libsubid/subid.h>
+extern void nss_init(char *nsswitch_path);
+extern bool nss_is_initialized();
+
+struct subid_nss_ops {
+	/*
+	 * nss_has_range: does a user own a given subid range
+	 *
+	 * @owner: username
+	 * @start: first subid in queried range
+	 * @count: number of subids in queried range
+	 * @idtype: subuid or subgid
+	 * @result: true if @owner has been allocated the subid range.
+	 *
+	 * returns success if the module was able to determine an answer (true or false),
+	 * else an error status.
+	 */
+	enum subid_status (*has_range)(const char *owner, unsigned long start, unsigned long count, enum subid_type idtype, bool *result);
+
+	/*
+	 * nss_list_owner_ranges: list the subid ranges delegated to a user.
+	 *
+	 * @owner - string representing username being queried
+	 * @id_type - subuid or subgid
+	 * @ranges - pointer to an array of struct subid_range, or NULL.  The
+	 *           returned array must be freed by the caller.
+	 * @count - pointer to an integer into which the number of returned ranges
+	 *          is written.
+
+	 * returns success if the module was able to determine an answer,
+	 * else an error status.
+	 */
+	enum subid_status (*list_owner_ranges)(const char *owner, enum subid_type id_type, struct subid_range **ranges, int *count);
+
+	/*
+	 * nss_find_subid_owners: find uids who own a given subuid or subgid.
+	 *
+	 * @id - the delegated id (subuid or subgid) being queried
+	 * @id_type - subuid or subgid
+	 * @uids - pointer to an array of uids which will be allocated by
+	 *         nss_find_subid_owners()
+	 * @count - number of uids found
+	 *
+	 * returns success if the module was able to determine an answer,
+	 * else an error status.
+	 */
+	enum subid_status (*find_subid_owners)(unsigned long id, enum subid_type id_type, uid_t **uids, int *count);
+
+	/* The dlsym handle to close */
+	void *handle;
+};
+
+extern struct subid_nss_ops *get_subid_nss_handle();
+
+
 /* pam_pass_non_interactive.c */
 #ifdef USE_PAM
 extern int do_pam_passwd_non_interactive (const char *pam_service,
@@ -334,7 +391,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
 
 /* selinux.c */
 #ifdef WITH_SELINUX
-extern int set_selinux_file_context (const char *dst_name);
+extern int set_selinux_file_context (const char *dst_name, mode_t mode);
 extern int reset_selinux_file_context (void);
 extern int check_selinux_permit (const char *perm_name);
 #endif
@@ -448,6 +505,7 @@ extern bool valid (const char *, const struct passwd *);
 extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size)
   /*@ensures MaxSet(result) == (size - 1); @*/;
 extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
+extern void xfree(void *ap);
 
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);

lib/run_part.c

@@ -0,0 +1,102 @@
+#include <dirent.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <lib/prototypes.h>
+
+int run_part (char *script_path, char *name, char *action)
+{
+	int pid;
+	int wait_status;
+	int pid_status;
+	char *args[] = { script_path, NULL };
+
+	pid=fork();
+	if (pid==-1){
+		perror ("Could not fork");
+		return 1;
+	}
+	if (pid==0) {
+		setenv ("ACTION",action,1);
+		setenv ("SUBJECT",name,1);
+		execv (script_path,args);
+		perror ("execv");
+		exit(1);
+	}
+
+	pid_status = wait (&wait_status);
+	if (pid_status == pid) {
+		return (wait_status);
+	}
+
+	perror ("waitpid");
+	return (1);
+}
+
+int run_parts (char *directory, char *name, char *action)
+{
+	struct dirent **namelist;
+	int scanlist;
+	int n;
+	int execute_result;
+
+	scanlist = scandir (directory, &namelist, 0, alphasort);
+	if (scanlist<0) {
+		return (0);
+	}
+
+	for (n=0; n<scanlist; n++) {
+		int path_length;
+		struct stat sb;
+
+		path_length=strlen(directory) + strlen(namelist[n]->d_name) + 2;
+		char *s = (char*)malloc(path_length);
+		if (!s) {
+			printf ("could not allocate memory\n");
+			for (; n<scanlist; n++) {
+				free (namelist[n]);
+			}
+			free (namelist);
+			return (1);
+		}
+		snprintf (s, path_length, "%s/%s", directory, namelist[n]->d_name);
+
+		execute_result = 0;
+		if (stat (s, &sb) == -1) {
+			perror ("stat");
+			free (s);
+			for (; n<scanlist; n++) {
+				free (namelist[n]);
+			}
+			free (namelist);
+			return (1);
+		}
+
+		if (S_ISREG (sb.st_mode) || S_ISLNK (sb.st_mode)) {
+			execute_result = run_part (s, name, action);
+		}
+
+		free (s);
+
+		if (execute_result!=0) {
+			fprintf (shadow_logfd,
+				"%s: did not exit cleanly.\n",
+			    namelist[n]->d_name);
+			for (; n<scanlist; n++) {
+				free (namelist[n]);
+			}
+			break;
+		}
+
+		free (namelist[n]);
+	}
+	free (namelist);
+
+	return (execute_result);
+}
+

lib/run_part.h

@@ -0,0 +1,2 @@
+int run_part (char *script_path, char *name, char *action);
+int run_parts (char *directory, char *name, char *action);

lib/selinux.c

@@ -35,11 +35,20 @@
 #include "defines.h"
 
 #include <selinux/selinux.h>
-#include <selinux/context.h>
+#include <selinux/label.h>
 #include "prototypes.h"
 
 static bool selinux_checked = false;
 static bool selinux_enabled;
+static /*@null@*/struct selabel_handle *selabel_hnd = NULL;
+
+static void cleanup(void)
+{
+	if (selabel_hnd) {
+		selabel_close(selabel_hnd);
+		selabel_hnd = NULL;
+	}
+}
 
 /*
  * set_selinux_file_context - Set the security context before any file or
@@ -51,10 +60,8 @@ static bool selinux_enabled;
  *	Callers may have to Reset SELinux to create files with default
  *	contexts with reset_selinux_file_context
  */
-int set_selinux_file_context (const char *dst_name)
+int set_selinux_file_context (const char *dst_name, mode_t mode)
 {
-	/*@null@*/security_context_t scontext = NULL;
-
 	if (!selinux_checked) {
 		selinux_enabled = is_selinux_enabled () > 0;
 		selinux_checked = true;
@@ -62,18 +69,34 @@ int set_selinux_file_context (const char *dst_name)
 
 	if (selinux_enabled) {
 		/* Get the default security context for this file */
-		if (matchpathcon (dst_name, 0, &scontext) < 0) {
-			if (security_getenforce () != 0) {
-				return 1;
+
+		/*@null@*/char *fcontext_raw = NULL;
+		int r;
+
+		if (selabel_hnd == NULL) {
+			selabel_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+			if (selabel_hnd == NULL) {
+				return security_getenforce () != 0;
 			}
+			(void) atexit(cleanup);
 		}
+
+		r = selabel_lookup_raw(selabel_hnd, &fcontext_raw, dst_name, mode);
+		if (r < 0) {
+			/* No context specified for the searched path */
+			if (errno == ENOENT) {
+				return 0;
+			}
+
+			return security_getenforce () != 0;
+		}
+
 		/* Set the security context for the next created file */
-		if (setfscreatecon (scontext) < 0) {
-			if (security_getenforce () != 0) {
-				return 1;
-			}
+		r = setfscreatecon_raw (fcontext_raw);
+		freecon (fcontext_raw);
+		if (r < 0) {
+			return security_getenforce () != 0;
 		}
-		freecon (scontext);
 	}
 	return 0;
 }
@@ -92,8 +115,8 @@ int reset_selinux_file_context (void)
 		selinux_checked = true;
 	}
 	if (selinux_enabled) {
-		if (setfscreatecon (NULL) != 0) {
-			return 1;
+		if (setfscreatecon_raw (NULL) != 0) {
+			return security_getenforce () != 0;
 		}
 	}
 	return 0;
@@ -131,7 +154,7 @@ static int selinux_log_cb (int type, const char *fmt, ...) {
 			    && (errno != EAFNOSUPPORT)) {
 
 			    (void) fputs (_("Cannot open audit interface.\n"),
-			              stderr);
+			              shadow_logfd);
 			    SYSLOG ((LOG_WARN, "Cannot open audit interface."));
 			}
 		}
@@ -174,7 +197,7 @@ skip_syslog:
  */
 int check_selinux_permit (const char *perm_name)
 {
-	char *user_context_str;
+	char *user_context_raw;
 	int r;
 
 	if (0 == is_selinux_enabled ()) {
@@ -183,8 +206,8 @@ int check_selinux_permit (const char *perm_name)
 
 	selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) selinux_log_cb);
 
-	if (getprevcon (&user_context_str) != 0) {
-		fprintf (stderr,
+	if (getprevcon_raw (&user_context_raw) != 0) {
+		fprintf (shadow_logfd,
 		    _("%s: can not get previous SELinux process context: %s\n"),
 		    Prog, strerror (errno));
 		SYSLOG ((LOG_WARN,
@@ -193,8 +216,8 @@ int check_selinux_permit (const char *perm_name)
 		return (security_getenforce () != 0);
 	}
 
-	r = selinux_check_access (user_context_str, user_context_str, "passwd", perm_name, NULL);
-	freecon (user_context_str);
+	r = selinux_check_access (user_context_raw, user_context_raw, "passwd", perm_name, NULL);
+	freecon (user_context_raw);
 	return r;
 }
 

lib/semanage.c

@@ -69,7 +69,7 @@ static void semanage_error_callback (unused void *varg,
 	switch (semanage_msg_get_level (handle)) {
 	case SEMANAGE_MSG_ERR:
 	case SEMANAGE_MSG_WARN:
-		fprintf (stderr, _("[libsemanage]: %s\n"), message);
+		fprintf (shadow_logfd, _("[libsemanage]: %s\n"), message);
 		break;
 	case SEMANAGE_MSG_INFO:
 		/* nop */
@@ -87,7 +87,7 @@ static semanage_handle_t *semanage_init (void)
 
 	handle = semanage_handle_create ();
 	if (NULL == handle) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Cannot create SELinux management handle\n"));
 		return NULL;
 	}
@@ -96,26 +96,26 @@ static semanage_handle_t *semanage_init (void)
 
 	ret = semanage_is_managed (handle);
 	if (ret != 1) {
-		fprintf (stderr, _("SELinux policy not managed\n"));
+		fprintf (shadow_logfd, _("SELinux policy not managed\n"));
 		goto fail;
 	}
 
 	ret = semanage_access_check (handle);
 	if (ret < SEMANAGE_CAN_READ) {
-		fprintf (stderr, _("Cannot read SELinux policy store\n"));
+		fprintf (shadow_logfd, _("Cannot read SELinux policy store\n"));
 		goto fail;
 	}
 
 	ret = semanage_connect (handle);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Cannot establish SELinux management connection\n"));
 		goto fail;
 	}
 
 	ret = semanage_begin_transaction (handle);
 	if (ret != 0) {
-		fprintf (stderr, _("Cannot begin SELinux transaction\n"));
+		fprintf (shadow_logfd, _("Cannot begin SELinux transaction\n"));
 		goto fail;
 	}
 
@@ -137,7 +137,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
 
 	semanage_seuser_query (handle, key, &seuser);
 	if (NULL == seuser) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not query seuser for %s\n"), login_name);
 		ret = 1;
 		goto done;
@@ -145,7 +145,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
 
 	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not set serange for %s\n"), login_name);
 		ret = 1;
 		goto done;
@@ -153,7 +153,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not set sename for %s\n"),
 		         login_name);
 		ret = 1;
@@ -162,7 +162,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
 
 	ret = semanage_seuser_modify_local (handle, key, seuser);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not modify login mapping for %s\n"),
 		         login_name);
 		ret = 1;
@@ -186,7 +186,7 @@ static int semanage_user_add (semanage_handle_t *handle,
 
 	ret = semanage_seuser_create (handle, &seuser);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Cannot create SELinux login mapping for %s\n"),
 		         login_name);
 		ret = 1;
@@ -195,14 +195,14 @@ static int semanage_user_add (semanage_handle_t *handle,
 
 	ret = semanage_seuser_set_name (handle, seuser, login_name);
 	if (ret != 0) {
-		fprintf (stderr, _("Could not set name for %s\n"), login_name);
+		fprintf (shadow_logfd, _("Could not set name for %s\n"), login_name);
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not set serange for %s\n"),
 		         login_name);
 		ret = 1;
@@ -211,7 +211,7 @@ static int semanage_user_add (semanage_handle_t *handle,
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not set SELinux user for %s\n"),
 		         login_name);
 		ret = 1;
@@ -220,7 +220,7 @@ static int semanage_user_add (semanage_handle_t *handle,
 
 	ret = semanage_seuser_modify_local (handle, key, seuser);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not add login mapping for %s\n"),
 		         login_name);
 		ret = 1;
@@ -248,21 +248,21 @@ int set_seuser (const char *login_name, const char *seuser_name)
 
 	handle = semanage_init ();
 	if (NULL == handle) {
-		fprintf (stderr, _("Cannot init SELinux management\n"));
+		fprintf (shadow_logfd, _("Cannot init SELinux management\n"));
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_key_create (handle, login_name, &key);
 	if (ret != 0) {
-		fprintf (stderr, _("Cannot create SELinux user key\n"));
+		fprintf (shadow_logfd, _("Cannot create SELinux user key\n"));
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_exists (handle, key, &seuser_exists);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot verify the SELinux user\n"));
+		fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
 		ret = 1;
 		goto done;
 	}
@@ -270,7 +270,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 	if (0 != seuser_exists) {
 		ret = semanage_user_mod (handle, key, login_name, seuser_name);
 		if (ret != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("Cannot modify SELinux user mapping\n"));
 			ret = 1;
 			goto done;
@@ -278,7 +278,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 	} else {
 		ret = semanage_user_add (handle, key, login_name, seuser_name);
 		if (ret != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("Cannot add SELinux user mapping\n"));
 			ret = 1;
 			goto done;
@@ -287,7 +287,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 
 	ret = semanage_commit (handle);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot commit SELinux transaction\n"));
+		fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n"));
 		ret = 1;
 		goto done;
 	}
@@ -310,27 +310,27 @@ int del_seuser (const char *login_name)
 
 	handle = semanage_init ();
 	if (NULL == handle) {
-		fprintf (stderr, _("Cannot init SELinux management\n"));
+		fprintf (shadow_logfd, _("Cannot init SELinux management\n"));
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_key_create (handle, login_name, &key);
 	if (ret != 0) {
-		fprintf (stderr, _("Cannot create SELinux user key\n"));
+		fprintf (shadow_logfd, _("Cannot create SELinux user key\n"));
 		ret = 1;
 		goto done;
 	}
 
 	ret = semanage_seuser_exists (handle, key, &exists);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot verify the SELinux user\n"));
+		fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
 		ret = 1;
 		goto done;
 	}
 
 	if (0 == exists) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Login mapping for %s is not defined, OK if default mapping was used\n"), 
 		         login_name);
 		ret = 0;  /* probably default mapping */
@@ -339,13 +339,13 @@ int del_seuser (const char *login_name)
 
 	ret = semanage_seuser_exists_local (handle, key, &exists);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot verify the SELinux user\n"));
+		fprintf (shadow_logfd, _("Cannot verify the SELinux user\n"));
 		ret = 1;
 		goto done;
 	}
 
 	if (0 == exists) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Login mapping for %s is defined in policy, cannot be deleted\n"), 
 		         login_name);
 		ret = 0; /* Login mapping defined in policy can't be deleted */
@@ -354,7 +354,7 @@ int del_seuser (const char *login_name)
 
 	ret = semanage_seuser_del_local (handle, key);
 	if (ret != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Could not delete login mapping for %s"),
 		         login_name);
 		ret = 1;
@@ -363,7 +363,7 @@ int del_seuser (const char *login_name)
 
 	ret = semanage_commit (handle);
 	if (ret < 0) {
-		fprintf (stderr, _("Cannot commit SELinux transaction\n"));
+		fprintf (shadow_logfd, _("Cannot commit SELinux transaction\n"));
 		ret = 1;
 		goto done;
 	}

lib/sgetspent.c

@@ -52,7 +52,6 @@ struct spwd *sgetspent (const char *string)
 	static struct spwd spwd;
 	char *fields[FIELDS];
 	char *cp;
-	char *cpp;
 	int i;
 
 	/*

lib/shadow.c

@@ -130,7 +130,6 @@ static struct spwd *my_sgetspent (const char *string)
 	static struct spwd spwd;
 	char *fields[FIELDS];
 	char *cp;
-	char *cpp;
 	int i;
 
 	/*
@@ -389,7 +388,6 @@ struct spwd *getspent (void)
 #ifdef	USE_NIS
 	int nis_1_user = 0;
 	struct spwd *val;
-	char buf[BUFSIZ];
 #endif
 	if (NULL == shadow) {
 		setspent ();
@@ -484,7 +482,6 @@ struct spwd *getspnam (const char *name)
 	struct spwd *sp;
 
 #ifdef	USE_NIS
-	char buf[BUFSIZ];
 	static char save_name[16];
 	bool nis_disabled = false;
 #endif

lib/spawn.c

@@ -48,7 +48,7 @@ int run_command (const char *cmd, const char *argv[],
 	}
 
 	(void) fflush (stdout);
-	(void) fflush (stderr);
+	(void) fflush (shadow_logfd);
 
 	pid = fork ();
 	if (0 == pid) {
@@ -57,11 +57,11 @@ int run_command (const char *cmd, const char *argv[],
 		if (ENOENT == errno) {
 			exit (E_CMD_NOTFOUND);
 		}
-		fprintf (stderr, "%s: cannot execute %s: %s\n",
+		fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
 		         Prog, cmd, strerror (errno));
 		exit (E_CMD_NOEXEC);
 	} else if ((pid_t)-1 == pid) {
-		fprintf (stderr, "%s: cannot execute %s: %s\n",
+		fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
 		         Prog, cmd, strerror (errno));
 		return -1;
 	}
@@ -74,7 +74,7 @@ int run_command (const char *cmd, const char *argv[],
 	         || ((pid_t)-1 != wpid && wpid != pid));
 
 	if ((pid_t)-1 == wpid) {
-		fprintf (stderr, "%s: waitpid (status: %d): %s\n",
+		fprintf (shadow_logfd, "%s: waitpid (status: %d): %s\n",
 		         Prog, *status, strerror (errno));
 		return -1;
 	}

lib/sssd.c

@@ -11,7 +11,7 @@
 #include "prototypes.h"
 #include "sssd.h"
 
-#define MSG_SSSD_FLUSH_CACHE_FAILED "%s: Failed to flush the sssd cache.\n"
+#define MSG_SSSD_FLUSH_CACHE_FAILED "%s: Failed to flush the sssd cache."
 
 int sssd_flush_cache (int dbflags)
 {
@@ -46,24 +46,22 @@ int sssd_flush_cache (int dbflags)
 	free(sss_cache_args);
 	if (rv != 0) {
 		/* run_command writes its own more detailed message. */
-		(void) fprintf (stderr, _(MSG_SSSD_FLUSH_CACHE_FAILED), Prog);
+		SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
 		return -1;
 	}
 
 	code = WEXITSTATUS (status);
 	if (!WIFEXITED (status)) {
-		(void) fprintf (stderr,
-		                _("%s: sss_cache did not terminate normally (signal %d)\n"),
-		                Prog, WTERMSIG (status));
+		SYSLOG ((LOG_WARN, "%s: sss_cache did not terminate normally (signal %d)",
+			Prog, WTERMSIG (status)));
 		return -1;
 	} else if (code == E_CMD_NOTFOUND) {
 		/* sss_cache is not installed, or it is installed but uses an
 		   interpreter that is missing.  Probably the former. */
 		return 0;
 	} else if (code != 0) {
-		(void) fprintf (stderr, _("%s: sss_cache exited with status %d\n"),
-		                Prog, code);
-		(void) fprintf (stderr, _(MSG_SSSD_FLUSH_CACHE_FAILED), Prog);
+		SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", Prog, code));
+		SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
 		return -1;
 	}
 

lib/subordinateio.c

@@ -11,16 +11,11 @@
 #include <stdio.h>
 #include "commonio.h"
 #include "subordinateio.h"
+#include "../libsubid/subid.h"
 #include <sys/types.h>
 #include <pwd.h>
-
-struct subordinate_range {
-	const char *owner;
-	unsigned long start;
-	unsigned long count;
-};
-
-#define NFIELDS 3
+#include <ctype.h>
+#include <fcntl.h>
 
 /*
  * subordinate_dup: create a duplicate range
@@ -78,7 +73,7 @@ static void *subordinate_parse (const char *line)
 	static char rangebuf[1024];
 	int i;
 	char *cp;
-	char *fields[NFIELDS];
+	char *fields[SUBID_NFIELDS];
 
 	/*
 	 * Copy the string to a temporary buffer so the substrings can
@@ -93,7 +88,7 @@ static void *subordinate_parse (const char *line)
 	 * field.  The fields are converted into NUL terminated strings.
 	 */
 
-	for (cp = rangebuf, i = 0; (i < NFIELDS) && (NULL != cp); i++) {
+	for (cp = rangebuf, i = 0; (i < SUBID_NFIELDS) && (NULL != cp); i++) {
 		fields[i] = cp;
 		while (('\0' != *cp) && (':' != *cp)) {
 			cp++;
@@ -108,10 +103,10 @@ static void *subordinate_parse (const char *line)
 	}
 
 	/*
-	 * There must be exactly NFIELDS colon separated fields or
+	 * There must be exactly SUBID_NFIELDS colon separated fields or
 	 * the entry is invalid.  Also, fields must be non-blank.
 	 */
-	if (i != NFIELDS || *fields[0] == '\0' || *fields[1] == '\0' || *fields[2] == '\0')
+	if (i != SUBID_NFIELDS || *fields[0] == '\0' || *fields[1] == '\0' || *fields[2] == '\0')
 		return NULL;
 	range.owner = fields[0];
 	if (getulong (fields[1], &range.start) == 0)
@@ -314,6 +309,35 @@ static bool have_range(struct commonio_db *db,
 	return false;
 }
 
+static bool append_range(struct subid_range **ranges, const struct subordinate_range *new, int n)
+{
+	if (!*ranges) {
+		*ranges = malloc(sizeof(struct subid_range));
+		if (!*ranges)
+			return false;
+	} else {
+		struct subid_range *alloced;
+		alloced = realloc(*ranges, (n + 1) * (sizeof(struct subid_range)));
+		if (!alloced)
+			return false;
+		*ranges = alloced;
+	}
+	(*ranges)[n].start = new->start;
+	(*ranges)[n].count = new->count;
+	return true;
+}
+
+void free_subordinate_ranges(struct subordinate_range **ranges, int count)
+{
+	int i;
+
+	if (!ranges)
+		return;
+	for (i = 0; i < count; i++)
+		subordinate_free(ranges[i]);
+	free(ranges);
+}
+
 /*
  * subordinate_range_cmp: compare uid ranges
  *
@@ -574,23 +598,37 @@ int sub_uid_open (int mode)
 	return commonio_open (&subordinate_uid_db, mode);
 }
 
-bool sub_uid_assigned(const char *owner)
+bool local_sub_uid_assigned(const char *owner)
 {
 	return range_exists (&subordinate_uid_db, owner);
 }
 
 bool have_sub_uids(const char *owner, uid_t start, unsigned long count)
 {
+	struct subid_nss_ops *h;
+	bool found;
+	enum subid_status status;
+	h = get_subid_nss_handle();
+	if (h) {
+		status = h->has_range(owner, start, count, ID_TYPE_UID, &found);
+		if (status == SUBID_STATUS_SUCCESS && found)
+			return true;
+		return false;
+	}
 	return have_range (&subordinate_uid_db, owner, start, count);
 }
 
 int sub_uid_add (const char *owner, uid_t start, unsigned long count)
 {
+	if (get_subid_nss_handle())
+		return -EOPNOTSUPP;
 	return add_range (&subordinate_uid_db, owner, start, count);
 }
 
 int sub_uid_remove (const char *owner, uid_t start, unsigned long count)
 {
+	if (get_subid_nss_handle())
+		return -EOPNOTSUPP;
 	return remove_range (&subordinate_uid_db, owner, start, count);
 }
 
@@ -658,21 +696,35 @@ int sub_gid_open (int mode)
 
 bool have_sub_gids(const char *owner, gid_t start, unsigned long count)
 {
+	struct subid_nss_ops *h;
+	bool found;
+	enum subid_status status;
+	h = get_subid_nss_handle();
+	if (h) {
+		status = h->has_range(owner, start, count, ID_TYPE_GID, &found);
+		if (status == SUBID_STATUS_SUCCESS && found)
+			return true;
+		return false;
+	}
 	return have_range(&subordinate_gid_db, owner, start, count);
 }
 
-bool sub_gid_assigned(const char *owner)
+bool local_sub_gid_assigned(const char *owner)
 {
 	return range_exists (&subordinate_gid_db, owner);
 }
 
 int sub_gid_add (const char *owner, gid_t start, unsigned long count)
 {
+	if (get_subid_nss_handle())
+		return -EOPNOTSUPP;
 	return add_range (&subordinate_gid_db, owner, start, count);
 }
 
 int sub_gid_remove (const char *owner, gid_t start, unsigned long count)
 {
+	if (get_subid_nss_handle())
+		return -EOPNOTSUPP;
 	return remove_range (&subordinate_gid_db, owner, start, count);
 }
 
@@ -692,6 +744,308 @@ gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
 	start = find_free_range (&subordinate_gid_db, min, max, count);
 	return start == ULONG_MAX ? (gid_t) -1 : start;
 }
+
+/*
+ * int list_owner_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges)
+ *
+ * @owner: username
+ * @id_type: UID or GUID
+ * @ranges: pointer to array of ranges into which results will be placed.
+ *
+ * Fills in the subuid or subgid ranges which are owned by the specified
+ * user.  Username may be a username or a string representation of a
+ * UID number.  If id_type is UID, then subuids are returned, else
+ * subgids are given.
+
+ * Returns the number of ranges found, or < 0 on error.
+ *
+ * The caller must free the subordinate range list.
+ */
+int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **in_ranges)
+{
+	// TODO - need to handle owner being either uid or username
+	struct subid_range *ranges = NULL;
+	const struct subordinate_range *range;
+	struct commonio_db *db;
+	enum subid_status status;
+	int count = 0;
+	struct subid_nss_ops *h;
+
+	*in_ranges = NULL;
+
+	h = get_subid_nss_handle();
+	if (h) {
+		status = h->list_owner_ranges(owner, id_type, in_ranges, &count);
+		if (status == SUBID_STATUS_SUCCESS)
+			return count;
+		return -1;
+	}
+
+	switch (id_type) {
+	case ID_TYPE_UID:
+		if (!sub_uid_open(O_RDONLY)) {
+			return -1;
+		}
+		db = &subordinate_uid_db;
+		break;
+	case ID_TYPE_GID:
+		if (!sub_gid_open(O_RDONLY)) {
+			return -1;
+		}
+		db = &subordinate_gid_db;
+		break;
+	default:
+		return -1;
+	}
+
+	commonio_rewind(db);
+	while ((range = commonio_next(db)) != NULL) {
+		if (0 == strcmp(range->owner, owner)) {
+			if (!append_range(&ranges, range, count++)) {
+				free(ranges);
+				ranges = NULL;
+				count = -1;
+				goto out;
+			}
+		}
+	}
+
+out:
+	if (id_type == ID_TYPE_UID)
+		sub_uid_close();
+	else
+		sub_gid_close();
+
+	*in_ranges = ranges;
+	return count;
+}
+
+static bool all_digits(const char *str)
+{
+	int i;
+
+	for (i = 0; str[i] != '\0'; i++)
+		if (!isdigit(str[i]))
+			return false;
+	return true;
+}
+
+static int append_uids(uid_t **uids, const char *owner, int n)
+{
+	uid_t owner_uid;
+	uid_t *ret;
+	int i;
+
+	if (all_digits(owner)) {
+		i = sscanf(owner, "%d", &owner_uid);
+		if (i != 1) {
+			// should not happen
+			free(*uids);
+			*uids = NULL;
+			return -1;
+		}
+	} else {
+		struct passwd *pwd = getpwnam(owner);
+		if (NULL == pwd) {
+			/* Username not defined in /etc/passwd, or error occured during lookup */
+			free(*uids);
+			*uids = NULL;
+			return -1;
+		}
+		owner_uid = pwd->pw_uid;
+	}
+
+	for (i = 0; i < n; i++) {
+		if (owner_uid == (*uids)[i])
+			return n;
+	}
+
+	ret = realloc(*uids, (n + 1) * sizeof(uid_t));
+	if (!ret) {
+		free(*uids);
+		return -1;
+	}
+	ret[n] = owner_uid;
+	*uids = ret;
+	return n+1;
+}
+
+int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids)
+{
+	const struct subordinate_range *range;
+	struct subid_nss_ops *h;
+	enum subid_status status;
+	struct commonio_db *db;
+	int n = 0;
+
+	h = get_subid_nss_handle();
+	if (h) {
+		status = h->find_subid_owners(id, id_type, uids, &n);
+		// Several ways we could handle the error cases here.
+		if (status != SUBID_STATUS_SUCCESS)
+			return -1;
+		return n;
+	}
+
+	switch (id_type) {
+	case ID_TYPE_UID:
+		if (!sub_uid_open(O_RDONLY)) {
+			return -1;
+		}
+		db = &subordinate_uid_db;
+		break;
+	case ID_TYPE_GID:
+		if (!sub_gid_open(O_RDONLY)) {
+			return -1;
+		}
+		db = &subordinate_gid_db;
+		break;
+	default:
+		return -1;
+	}
+
+	*uids = NULL;
+
+	commonio_rewind(db);
+	while ((range = commonio_next(db)) != NULL) {
+		if (id >= range->start && id < range->start + range-> count) {
+			n = append_uids(uids, range->owner, n);
+			if (n < 0)
+				break;
+		}
+	}
+
+	if (id_type == ID_TYPE_UID)
+		sub_uid_close();
+	else
+		sub_gid_close();
+
+	return n;
+}
+
+bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, bool reuse)
+{
+	struct commonio_db *db;
+	const struct subordinate_range *r;
+	bool ret;
+
+	if (get_subid_nss_handle())
+		return false;
+
+	switch (id_type) {
+	case ID_TYPE_UID:
+		if (!sub_uid_lock()) {
+			printf("Failed loging subuids (errno %d)\n", errno);
+			return false;
+		}
+		if (!sub_uid_open(O_CREAT | O_RDWR)) {
+			printf("Failed opening subuids (errno %d)\n", errno);
+			sub_uid_unlock();
+			return false;
+		}
+		db = &subordinate_uid_db;
+		break;
+	case ID_TYPE_GID:
+		if (!sub_gid_lock()) {
+			printf("Failed loging subgids (errno %d)\n", errno);
+			return false;
+		}
+		if (!sub_gid_open(O_CREAT | O_RDWR)) {
+			printf("Failed opening subgids (errno %d)\n", errno);
+			sub_gid_unlock();
+			return false;
+		}
+		db = &subordinate_gid_db;
+		break;
+	default:
+		return false;
+	}
+
+	commonio_rewind(db);
+	if (reuse) {
+		while ((r = commonio_next(db)) != NULL) {
+			// TODO account for username vs uid_t
+			if (0 != strcmp(r->owner, range->owner))
+				continue;
+			if (r->count >= range->count) {
+				range->count = r->count;
+				range->start = r->start;
+				return true;
+			}
+		}
+	}
+
+	range->start = find_free_range(db, range->start, ULONG_MAX, range->count);
+
+	if (range->start == ULONG_MAX) {
+		ret = false;
+		goto out;
+	}
+
+	ret = add_range(db, range->owner, range->start, range->count) == 1;
+
+out:
+	if (id_type == ID_TYPE_UID) {
+		sub_uid_close();
+		sub_uid_unlock();
+	} else {
+		sub_gid_close();
+		sub_gid_unlock();
+	}
+
+	return ret;
+}
+
+bool release_subid_range(struct subordinate_range *range, enum subid_type id_type)
+{
+	struct commonio_db *db;
+	bool ret;
+
+	if (get_subid_nss_handle())
+		return false;
+
+	switch (id_type) {
+	case ID_TYPE_UID:
+		if (!sub_uid_lock()) {
+			printf("Failed loging subuids (errno %d)\n", errno);
+			return false;
+		}
+		if (!sub_uid_open(O_CREAT | O_RDWR)) {
+			printf("Failed opening subuids (errno %d)\n", errno);
+			sub_uid_unlock();
+			return false;
+		}
+		db = &subordinate_uid_db;
+		break;
+	case ID_TYPE_GID:
+		if (!sub_gid_lock()) {
+			printf("Failed loging subgids (errno %d)\n", errno);
+			return false;
+		}
+		if (!sub_gid_open(O_CREAT | O_RDWR)) {
+			printf("Failed opening subgids (errno %d)\n", errno);
+			sub_gid_unlock();
+			return false;
+		}
+		db = &subordinate_gid_db;
+		break;
+	default:
+		return false;
+	}
+
+	ret = remove_range(db, range->owner, range->start, range->count) == 1;
+
+	if (id_type == ID_TYPE_UID) {
+		sub_uid_close();
+		sub_uid_unlock();
+	} else {
+		sub_gid_close();
+		sub_gid_unlock();
+	}
+
+	return ret;
+}
+
 #else				/* !ENABLE_SUBIDS */
 extern int errno;		/* warning: ANSI C forbids an empty source file */
 #endif				/* !ENABLE_SUBIDS */

lib/subordinateio.h

@@ -11,10 +11,12 @@
 
 #include <sys/types.h>
 
+#include "../libsubid/subid.h"
+
 extern int sub_uid_close(void);
 extern bool have_sub_uids(const char *owner, uid_t start, unsigned long count);
 extern bool sub_uid_file_present (void);
-extern bool sub_uid_assigned(const char *owner);
+extern bool local_sub_uid_assigned(const char *owner);
 extern int sub_uid_lock (void);
 extern int sub_uid_setdbname (const char *filename);
 extern /*@observer@*/const char *sub_uid_dbname (void);
@@ -23,11 +25,16 @@ extern int sub_uid_unlock (void);
 extern int sub_uid_add (const char *owner, uid_t start, unsigned long count);
 extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count);
 extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count);
+extern int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **ranges);
+extern bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, bool reuse);
+extern bool release_subid_range(struct subordinate_range *range, enum subid_type id_type);
+extern int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids);
+extern void free_subordinate_ranges(struct subordinate_range **ranges, int count);
 
 extern int sub_gid_close(void);
 extern bool have_sub_gids(const char *owner, gid_t start, unsigned long count);
 extern bool sub_gid_file_present (void);
-extern bool sub_gid_assigned(const char *owner);
+extern bool local_sub_gid_assigned(const char *owner);
 extern int sub_gid_lock (void);
 extern int sub_gid_setdbname (const char *filename);
 extern /*@observer@*/const char *sub_gid_dbname (void);

lib/tcbfuncs.c

@@ -72,8 +72,8 @@ shadowtcb_status shadowtcb_gain_priv (void)
  * to exit soon.
  */
 #define OUT_OF_MEMORY do { \
-	fprintf (stderr, _("%s: out of memory\n"), Prog); \
-	(void) fflush (stderr); \
+	fprintf (shadow_logfd, _("%s: out of memory\n"), Prog); \
+	(void) fflush (shadow_logfd); \
 } while (false)
 
 /* Returns user's tcb directory path relative to TCB_DIR. */
@@ -116,7 +116,7 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name)
 		return NULL;
 	}
 	if (lstat (path, &st) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, path, strerror (errno));
 		free (path);
@@ -132,7 +132,7 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name)
 		return rval;
 	}
 	if (!S_ISLNK (st.st_mode)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: %s is neither a directory, nor a symlink.\n"),
 		         Prog, path);
 		free (path);
@@ -140,7 +140,7 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name)
 	}
 	ret = readlink (path, link, sizeof (link) - 1);
 	if (-1 == ret) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot read symbolic link %s: %s\n"),
 		         Prog, path, strerror (errno));
 		free (path);
@@ -149,7 +149,7 @@ static /*@null@*/ char *shadowtcb_path_rel_existing (const char *name)
 	free (path);
 	if ((size_t)ret >= sizeof(link) - 1) {
 		link[sizeof(link) - 1] = '\0';
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Suspiciously long symlink: %s\n"),
 		         Prog, link);
 		return NULL;
@@ -207,7 +207,7 @@ static shadowtcb_status mkdir_leading (const char *name, uid_t uid)
 	}
 	ptr = path;
 	if (stat (TCB_DIR, &st) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, TCB_DIR, strerror (errno));
 		goto out_free_path;
@@ -219,19 +219,19 @@ static shadowtcb_status mkdir_leading (const char *name, uid_t uid)
 			return SHADOWTCB_FAILURE;
 		}
 		if ((mkdir (dir, 0700) != 0) && (errno != EEXIST)) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot create directory %s: %s\n"),
 			         Prog, dir, strerror (errno));
 			goto out_free_dir;
 		}
 		if (chown (dir, 0, st.st_gid) != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot change owner of %s: %s\n"),
 			         Prog, dir, strerror (errno));
 			goto out_free_dir;
 		}
 		if (chmod (dir, 0711) != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot change mode of %s: %s\n"),
 			         Prog, dir, strerror (errno));
 			goto out_free_dir;
@@ -261,7 +261,7 @@ static shadowtcb_status unlink_suffs (const char *user)
 			return SHADOWTCB_FAILURE;
 		}
 		if ((unlink (tmp) != 0) && (errno != ENOENT)) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: unlink: %s: %s\n"),
 			         Prog, tmp, strerror (errno));
 			free (tmp);
@@ -286,7 +286,7 @@ static shadowtcb_status rmdir_leading (char *path)
 		}
 		if (rmdir (dir) != 0) {
 			if (errno != ENOTEMPTY) {
-				fprintf (stderr,
+				fprintf (shadow_logfd,
 				         _("%s: Cannot remove directory %s: %s\n"),
 				         Prog, dir, strerror (errno));
 				ret = SHADOWTCB_FAILURE;
@@ -315,7 +315,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid)
 		goto out_free_nomem;
 	}
 	if (stat (olddir, &oldmode) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, olddir, strerror (errno));
 		goto out_free;
@@ -342,7 +342,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid)
 		goto out_free;
 	}
 	if (rename (real_old_dir, real_new_dir) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot rename %s to %s: %s\n"),
 		         Prog, real_old_dir, real_new_dir, strerror (errno));
 		goto out_free;
@@ -351,7 +351,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid)
 		goto out_free;
 	}
 	if ((unlink (olddir) != 0) && (errno != ENOENT)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot remove %s: %s\n"),
 		         Prog, olddir, strerror (errno));
 		goto out_free;
@@ -365,7 +365,7 @@ static shadowtcb_status move_dir (const char *user_newname, uid_t user_newid)
 	}
 	if (   (strcmp (real_new_dir, newdir) != 0)
 	    && (symlink (real_new_dir_rel, newdir) != 0)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot create symbolic link %s: %s\n"),
 		         Prog, real_new_dir_rel, strerror (errno));
 		goto out_free;
@@ -464,37 +464,37 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_
 		return SHADOWTCB_FAILURE;
 	}
 	if (stat (tcbdir, &dirmode) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, tcbdir, strerror (errno));
 		goto out_free;
 	}
 	if (chown (tcbdir, 0, 0) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change owners of %s: %s\n"),
 		         Prog, tcbdir, strerror (errno));
 		goto out_free;
 	}
 	if (chmod (tcbdir, 0700) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change mode of %s: %s\n"),
 		         Prog, tcbdir, strerror (errno));
 		goto out_free;
 	}
 	if (lstat (shadow, &filemode) != 0) {
 		if (errno != ENOENT) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot lstat %s: %s\n"),
 			         Prog, shadow, strerror (errno));
 			goto out_free;
 		}
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Warning, user %s has no tcb shadow file.\n"),
 		         Prog, user_newname);
 	} else {
 		if (!S_ISREG (filemode.st_mode) ||
 			filemode.st_nlink != 1) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Emergency: %s's tcb shadow is not a "
 			           "regular file with st_nlink=1.\n"
 			           "The account is left locked.\n"),
@@ -502,13 +502,13 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_
 			goto out_free;
 		}
 		if (chown (shadow, user_newid, filemode.st_gid) != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot change owner of %s: %s\n"),
 			         Prog, shadow, strerror (errno));
 			goto out_free;
 		}
 		if (chmod (shadow, filemode.st_mode & 07777) != 0) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: Cannot change mode of %s: %s\n"),
 			         Prog, shadow, strerror (errno));
 			goto out_free;
@@ -518,7 +518,7 @@ shadowtcb_status shadowtcb_move (/*@NULL@*/const char *user_newname, uid_t user_
 		goto out_free;
 	}
 	if (chown (tcbdir, user_newid, dirmode.st_gid) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change owner of %s: %s\n"),
 		         Prog, tcbdir, strerror (errno));
 		goto out_free;
@@ -543,7 +543,7 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
 		return SHADOWTCB_SUCCESS;
 	}
 	if (stat (TCB_DIR, &tcbdir_stat) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot stat %s: %s\n"),
 		         Prog, TCB_DIR, strerror (errno));
 		return SHADOWTCB_FAILURE;
@@ -563,39 +563,39 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
 		return SHADOWTCB_FAILURE;
 	}
 	if (mkdir (dir, 0700) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: mkdir: %s: %s\n"),
 		         Prog, dir, strerror (errno));
 		goto out_free;
 	}
 	fd = open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600);
 	if (fd < 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot open %s: %s\n"),
 		         Prog, shadow, strerror (errno));
 		goto out_free;
 	}
 	close (fd);
 	if (chown (shadow, 0, authgid) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change owner of %s: %s\n"),
 		         Prog, shadow, strerror (errno));
 		goto out_free;
 	}
 	if (chmod (shadow, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change mode of %s: %s\n"),
 		         Prog, shadow, strerror (errno));
 		goto out_free;
 	}
 	if (chown (dir, 0, authgid) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change owner of %s: %s\n"),
 		         Prog, dir, strerror (errno));
 		goto out_free;
 	}
 	if (chmod (dir, (mode_t) ((authgid == shadowgid) ? 02700 : 02710)) != 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Cannot change mode of %s: %s\n"),
 		         Prog, dir, strerror (errno));
 		goto out_free;

libmisc/Makefile.am

@@ -3,9 +3,9 @@ EXTRA_DIST = .indent.pro xgetXXbyYY.c
 
 AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
 
-noinst_LIBRARIES = libmisc.a
+noinst_LTLIBRARIES = libmisc.la
 
-libmisc_a_SOURCES = \
+libmisc_la_SOURCES = \
 	addgrps.c \
 	age.c \
 	audit_help.c \
@@ -74,6 +74,6 @@ libmisc_a_SOURCES = \
 	yesno.c
 
 if WITH_BTRFS
-libmisc_a_SOURCES += btrfs.c
+libmisc_la_SOURCES += btrfs.c
 endif
 

libmisc/addgrps.c

@@ -57,6 +57,7 @@ int add_groups (const char *list)
 	bool added;
 	char *token;
 	char buf[1024];
+	int ret;
 
 	if (strlen (list) >= sizeof (buf)) {
 		errno = EINVAL;
@@ -93,7 +94,7 @@ int add_groups (const char *list)
 
 		grp = getgrnam (token); /* local, no need for xgetgrnam */
 		if (NULL == grp) {
-			fprintf (stderr, _("Warning: unknown group %s\n"),
+			fprintf (shadow_logfd, _("Warning: unknown group %s\n"),
 				 token);
 			continue;
 		}
@@ -105,7 +106,7 @@ int add_groups (const char *list)
 		}
 
 		if (ngroups >= sysconf (_SC_NGROUPS_MAX)) {
-			fputs (_("Warning: too many groups\n"), stderr);
+			fputs (_("Warning: too many groups\n"), shadow_logfd);
 			break;
 		}
 		tmp = (gid_t *) realloc (grouplist, (size_t)(ngroups + 1) * sizeof (GETGROUPS_T));
@@ -120,9 +121,12 @@ int add_groups (const char *list)
 	}
 
 	if (added) {
-		return setgroups ((size_t)ngroups, grouplist);
+		ret = setgroups ((size_t)ngroups, grouplist);
+		free (grouplist);
+		return ret;
 	}
 
+	free (grouplist);
 	return 0;
 }
 #else				/* HAVE_SETGROUPS && !USE_PAM */

libmisc/audit_help.c

@@ -59,7 +59,7 @@ void audit_help_open (void)
 			return;
 		}
 		(void) fputs (_("Cannot open audit interface - aborting.\n"),
-		              stderr);
+		              shadow_logfd);
 		exit (EXIT_FAILURE);
 	}
 }

libmisc/chowntty.c

@@ -62,6 +62,7 @@ void chown_tty (const struct passwd *info)
 	grent = getgr_nam_gid (getdef_str ("TTYGROUP"));
 	if (NULL != grent) {
 		gid = grent->gr_gid;
+		gr_free (grent);
 	} else {
 		gid = info->pw_gid;
 	}
@@ -75,7 +76,7 @@ void chown_tty (const struct passwd *info)
 	    || (fchmod (STDIN_FILENO, (mode_t)getdef_num ("TTYPERM", 0600)) != 0)) {
 		int err = errno;
 
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("Unable to change owner or mode of tty stdin: %s"),
 		         strerror (err));
 		SYSLOG ((LOG_WARN,

libmisc/cleanup_group.c

@@ -203,7 +203,7 @@ void cleanup_report_del_group_gshadow (void *group_name)
 void cleanup_unlock_group (unused void *arg)
 {
 	if (gr_unlock () == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: failed to unlock %s\n"),
 		         Prog, gr_dbname ());
 		SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
@@ -223,7 +223,7 @@ void cleanup_unlock_group (unused void *arg)
 void cleanup_unlock_gshadow (unused void *arg)
 {
 	if (sgr_unlock () == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: failed to unlock %s\n"),
 		         Prog, sgr_dbname ());
 		SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));

libmisc/cleanup_user.c

@@ -120,7 +120,7 @@ void cleanup_report_add_user_shadow (void *user_name)
 void cleanup_unlock_passwd (unused void *arg)
 {
 	if (pw_unlock () == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: failed to unlock %s\n"),
 		         Prog, pw_dbname ());
 		SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
@@ -139,7 +139,7 @@ void cleanup_unlock_passwd (unused void *arg)
 void cleanup_unlock_shadow (unused void *arg)
 {
 	if (spw_unlock () == 0) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: failed to unlock %s\n"),
 		         Prog, spw_dbname ());
 		SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));

libmisc/copydir.c

@@ -125,11 +125,11 @@ static void error_acl (struct error_context *ctx, const char *fmt, ...)
 	}
 
 	va_start (ap, fmt);
-	(void) fprintf (stderr, _("%s: "), Prog);
-	if (vfprintf (stderr, fmt, ap) != 0) {
-		(void) fputs (_(": "), stderr);
+	(void) fprintf (shadow_logfd, _("%s: "), Prog);
+	if (vfprintf (shadow_logfd, fmt, ap) != 0) {
+		(void) fputs (_(": "), shadow_logfd);
 	}
-	(void) fprintf (stderr, "%s\n", strerror (errno));
+	(void) fprintf (shadow_logfd, "%s\n", strerror (errno));
 	va_end (ap);
 }
 
@@ -248,7 +248,7 @@ int copy_tree (const char *src_root, const char *dst_root,
 		}
 
 		if (!S_ISDIR (sb.st_mode)) {
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         "%s: %s is not a directory",
 			         Prog, src_root);
 			return -1;
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, const char *dst,
 	 */
 
 #ifdef WITH_SELINUX
-	if (set_selinux_file_context (dst) != 0) {
+	if (set_selinux_file_context (dst, S_IFDIR) != 0) {
 		return -1;
 	}
 #endif				/* WITH_SELINUX */
@@ -605,7 +605,7 @@ static int copy_symlink (const char *src, const char *dst,
 	}
 
 #ifdef WITH_SELINUX
-	if (set_selinux_file_context (dst) != 0) {
+	if (set_selinux_file_context (dst, S_IFLNK) != 0) {
 		free (oldlink);
 		return -1;
 	}
@@ -684,7 +684,7 @@ static int copy_special (const char *src, const char *dst,
 	int err = 0;
 
 #ifdef WITH_SELINUX
-	if (set_selinux_file_context (dst) != 0) {
+	if (set_selinux_file_context (dst, statp->st_mode & S_IFMT) != 0) {
 		return -1;
 	}
 #endif				/* WITH_SELINUX */
@@ -744,7 +744,8 @@ static int copy_file (const char *src, const char *dst,
 		return -1;
 	}
 #ifdef WITH_SELINUX
-	if (set_selinux_file_context (dst) != 0) {
+	if (set_selinux_file_context (dst, S_IFREG) != 0) {
+		(void) close (ifd);
 		return -1;
 	}
 #endif				/* WITH_SELINUX */
@@ -771,12 +772,16 @@ static int copy_file (const char *src, const char *dst,
 	        && (errno != 0))
 #endif				/* WITH_ATTR */
 	   ) {
+		if (ofd >= 0) {
+			(void) close (ofd);
+		}
 		(void) close (ifd);
 		return -1;
 	}
 
 	while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
 		if (write (ofd, buf, (size_t)cnt) != cnt) {
+			(void) close (ofd);
 			(void) close (ifd);
 			return -1;
 		}
@@ -786,6 +791,7 @@ static int copy_file (const char *src, const char *dst,
 
 #ifdef HAVE_FUTIMES
 	if (futimes (ofd, mt) != 0) {
+		(void) close (ofd);
 		return -1;
 	}
 #endif				/* HAVE_FUTIMES */

libmisc/env.c

@@ -171,7 +171,7 @@ void addenv (const char *string, /*@null@*/const char *value)
 			}
 			newenvp = __newenvp;
 		} else {
-			(void) fputs (_("Environment overflow\n"), stderr);
+			(void) fputs (_("Environment overflow\n"), shadow_logfd);
 			newenvc--;
 			free (newenvp[newenvc]);
 		}

libmisc/failure.c

@@ -98,7 +98,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 		fl->fail_cnt++;
 	}
 
-	strncpy (fl->fail_line, tty, sizeof fl->fail_line);
+	strncpy (fl->fail_line, tty, sizeof (fl->fail_line) - 1);
 	(void) time (&fl->fail_time);
 
 	/*

libmisc/find_new_gid.c

@@ -74,7 +74,7 @@ static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
                             _("%s: Invalid configuration: SYS_GID_MIN (%lu), "
                               "GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
                             Prog, (unsigned long) *min_id,
@@ -97,7 +97,7 @@ static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 					_("%s: Invalid configuration: GID_MIN (%lu), "
 					  "GID_MAX (%lu)\n"),
 					Prog, (unsigned long) *min_id,
@@ -213,7 +213,7 @@ int find_new_gid (bool sys_group,
 			 * more likely to want to stop and address the
 			 * issue.
 			 */
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 				_("%s: Encountered error attempting to use "
 				  "preferred GID: %s\n"),
 				Prog, strerror (result));
@@ -243,7 +243,7 @@ int find_new_gid (bool sys_group,
 	/* Create an array to hold all of the discovered GIDs */
 	used_gids = malloc (sizeof (bool) * (gid_max +1));
 	if (NULL == used_gids) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("%s: failed to allocate memory: %s\n"),
 			 Prog, strerror (errno));
 		return -1;
@@ -323,7 +323,7 @@ int find_new_gid (bool sys_group,
 				 *
 				 */
 				if (!nospam) {
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 						_("%s: Can't get unique system GID (%s). "
 						  "Suppressing additional messages.\n"),
 						Prog, strerror (result));
@@ -366,7 +366,7 @@ int find_new_gid (bool sys_group,
 					 *
 					 */
 					if (!nospam) {
-						fprintf (stderr,
+						fprintf (shadow_logfd,
 							_("%s: Can't get unique system GID (%s). "
 							  "Suppressing additional messages.\n"),
 							Prog, strerror (result));
@@ -426,7 +426,7 @@ int find_new_gid (bool sys_group,
 				 *
 				 */
 				if (!nospam) {
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 						_("%s: Can't get unique GID (%s). "
 						  "Suppressing additional messages.\n"),
 						Prog, strerror (result));
@@ -469,7 +469,7 @@ int find_new_gid (bool sys_group,
 					 *
 					 */
 					if (!nospam) {
-						fprintf (stderr,
+						fprintf (shadow_logfd,
 							_("%s: Can't get unique GID (%s). "
 							  "Suppressing additional messages.\n"),
 							Prog, strerror (result));
@@ -488,7 +488,7 @@ int find_new_gid (bool sys_group,
 	}
 
 	/* The code reached here and found no available IDs in the range */
-	fprintf (stderr,
+	fprintf (shadow_logfd,
 		_("%s: Can't get unique GID (no more available GIDs)\n"),
 		Prog);
 	SYSLOG ((LOG_WARN, "no more available GIDs on the system"));

libmisc/find_new_sub_gids.c

@@ -46,8 +46,7 @@
  * 
  * Return 0 on success, -1 if no unused GIDs are available.
  */
-int find_new_sub_gids (const char *owner,
-		       gid_t *range_start, unsigned long *range_count)
+int find_new_sub_gids (gid_t *range_start, unsigned long *range_count)
 {
 	unsigned long min, max;
 	unsigned long count;
@@ -61,7 +60,7 @@ int find_new_sub_gids (const char *owner,
 	count = getdef_ulong ("SUB_GID_COUNT", 65536);
 
 	if (min > max || count >= max || (min + count - 1) > max) {
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 				_("%s: Invalid configuration: SUB_GID_MIN (%lu),"
 				  " SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"),
 			Prog, min, max, count);
@@ -70,7 +69,7 @@ int find_new_sub_gids (const char *owner,
 
 	start = sub_gid_find_free_range(min, max, count);
 	if (start == (gid_t)-1) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Can't get unique subordinate GID range\n"),
 		         Prog);
 		SYSLOG ((LOG_WARN, "no more available subordinate GIDs on the system"));

libmisc/find_new_sub_uids.c

@@ -46,8 +46,7 @@
  * 
  * Return 0 on success, -1 if no unused UIDs are available.
  */
-int find_new_sub_uids (const char *owner,
-		       uid_t *range_start, unsigned long *range_count)
+int find_new_sub_uids (uid_t *range_start, unsigned long *range_count)
 {
 	unsigned long min, max;
 	unsigned long count;
@@ -61,7 +60,7 @@ int find_new_sub_uids (const char *owner,
 	count = getdef_ulong ("SUB_UID_COUNT", 65536);
 
 	if (min > max || count >= max || (min + count - 1) > max) {
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 				_("%s: Invalid configuration: SUB_UID_MIN (%lu),"
 				  " SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"),
 			Prog, min, max, count);
@@ -70,7 +69,7 @@ int find_new_sub_uids (const char *owner,
 
 	start = sub_uid_find_free_range(min, max, count);
 	if (start == (uid_t)-1) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: Can't get unique subordinate UID range\n"),
 		         Prog);
 		SYSLOG ((LOG_WARN, "no more available subordinate UIDs on the system"));

libmisc/find_new_uid.c

@@ -74,7 +74,7 @@ static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
                             _("%s: Invalid configuration: SYS_UID_MIN (%lu), "
                               "UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
                             Prog, (unsigned long) *min_id,
@@ -97,7 +97,7 @@ static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
 
 		/* Check that the ranges make sense */
 		if (*max_id < *min_id) {
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 					_("%s: Invalid configuration: UID_MIN (%lu), "
 					  "UID_MAX (%lu)\n"),
 					Prog, (unsigned long) *min_id,
@@ -213,7 +213,7 @@ int find_new_uid(bool sys_user,
 			 * more likely to want to stop and address the
 			 * issue.
 			 */
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 				_("%s: Encountered error attempting to use "
 				  "preferred UID: %s\n"),
 				Prog, strerror (result));
@@ -243,7 +243,7 @@ int find_new_uid(bool sys_user,
 	/* Create an array to hold all of the discovered UIDs */
 	used_uids = malloc (sizeof (bool) * (uid_max +1));
 	if (NULL == used_uids) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("%s: failed to allocate memory: %s\n"),
 			 Prog, strerror (errno));
 		return -1;
@@ -323,7 +323,7 @@ int find_new_uid(bool sys_user,
 				 *
 				 */
 				if (!nospam) {
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 						_("%s: Can't get unique system UID (%s). "
 						  "Suppressing additional messages.\n"),
 						Prog, strerror (result));
@@ -366,7 +366,7 @@ int find_new_uid(bool sys_user,
 					 *
 					 */
 					if (!nospam) {
-						fprintf (stderr,
+						fprintf (shadow_logfd,
 							_("%s: Can't get unique system UID (%s). "
 							  "Suppressing additional messages.\n"),
 							Prog, strerror (result));
@@ -426,7 +426,7 @@ int find_new_uid(bool sys_user,
 				 *
 				 */
 				if (!nospam) {
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 						_("%s: Can't get unique UID (%s). "
 						  "Suppressing additional messages.\n"),
 						Prog, strerror (result));
@@ -469,7 +469,7 @@ int find_new_uid(bool sys_user,
 					 *
 					 */
 					if (!nospam) {
-						fprintf (stderr,
+						fprintf (shadow_logfd,
 							_("%s: Can't get unique UID (%s). "
 							  "Suppressing additional messages.\n"),
 							Prog, strerror (result));
@@ -488,7 +488,7 @@ int find_new_uid(bool sys_user,
 	}
 
 	/* The code reached here and found no available IDs in the range */
-	fprintf (stderr,
+	fprintf (shadow_logfd,
 		_("%s: Can't get unique UID (no more available UIDs)\n"),
 		Prog);
 	SYSLOG ((LOG_WARN, "no more available UIDs on the system"));

libmisc/gettime.c

@@ -61,23 +61,23 @@
 	epoch = strtoull (source_date_epoch, &endptr, 10);
 	if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0))
 			|| (errno != 0 && epoch == 0)) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),
 			 strerror(errno));
 	} else if (endptr == source_date_epoch) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: No digits were found: %s\n"),
 			 endptr);
 	} else if (*endptr != '\0') {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: Trailing garbage: %s\n"),
 			 endptr);
 	} else if (epoch > ULONG_MAX) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to %lu but was found to be: %llu\n"),
 			 ULONG_MAX, epoch);
 	} else if (epoch > fallback) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to the current time (%lu) but was found to be: %llu\n"),
 			 fallback, epoch);
 	} else {

libmisc/idmapping.c

@@ -36,8 +36,8 @@
 #include <stdio.h>
 #include "prototypes.h"
 #include "idmapping.h"
-#include <sys/prctl.h>
 #if HAVE_SYS_CAPABILITY_H
+#include <sys/prctl.h>
 #include <sys/capability.h>
 #endif
 
@@ -47,19 +47,19 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 	int idx, argidx;
 
 	if (ranges < 0 || argc < 0) {
-		fprintf(stderr, "%s: error calculating number of arguments\n", Prog);
+		fprintf(shadow_logfd, "%s: error calculating number of arguments\n", Prog);
 		return NULL;
 	}
 
 	if (ranges != ((argc + 2) / 3)) {
-		fprintf(stderr, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc);
+		fprintf(shadow_logfd, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc);
 		return NULL;
 	}
 
 	if ((ranges * 3) > argc) {
-		fprintf(stderr, "ranges: %u argc: %d\n",
+		fprintf(shadow_logfd, "ranges: %u argc: %d\n",
 			ranges, argc);
-		fprintf(stderr,
+		fprintf(shadow_logfd,
 			_( "%s: Not enough arguments to form %u mappings\n"),
 			Prog, ranges);
 		return NULL;
@@ -67,7 +67,7 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 
 	mappings = calloc(ranges, sizeof(*mappings));
 	if (!mappings) {
-		fprintf(stderr, _( "%s: Memory allocation failure\n"),
+		fprintf(shadow_logfd, _( "%s: Memory allocation failure\n"),
 			Prog);
 		exit(EXIT_FAILURE);
 	}
@@ -88,24 +88,24 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 			return NULL;
 		}
 		if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
-			fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
+			fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 		if (mapping->upper > UINT_MAX ||
 			mapping->lower > UINT_MAX ||
 			mapping->count > UINT_MAX)  {
-			fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
+			fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 		if (mapping->lower + mapping->count > UINT_MAX ||
 				mapping->upper + mapping->count > UINT_MAX) {
-			fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
+			fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 		if (mapping->lower + mapping->count < mapping->lower ||
 				mapping->upper + mapping->count < mapping->upper) {
 			/* this one really shouldn't be possible given previous checks */
-			fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
+			fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 	}
@@ -123,6 +123,25 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
  */
 #define ULONG_DIGITS ((((sizeof(unsigned long) * CHAR_BIT) + 9)/10)*3)
 
+#if HAVE_SYS_CAPABILITY_H
+static inline bool maps_lower_root(int cap, int ranges, struct map_range *mappings)
+{
+	int idx;
+	struct map_range *mapping;
+
+	if (cap != CAP_SETUID)
+		return false;
+
+	mapping = mappings;
+	for (idx = 0; idx < ranges; idx++, mapping++) {
+		if (mapping->lower == 0)
+			return true;
+	}
+
+	return false;
+}
+#endif
+
 /*
  * The ruid refers to the caller's uid and is used to reset the effective uid
  * back to the callers real uid.
@@ -157,19 +176,19 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
 	} else if (strcmp(map_file, "gid_map") == 0) {
 		cap = CAP_SETGID;
 	} else {
-		fprintf(stderr, _("%s: Invalid map file %s specified\n"), Prog, map_file);
+		fprintf(shadow_logfd, _("%s: Invalid map file %s specified\n"), Prog, map_file);
 		exit(EXIT_FAILURE);
 	}
 
 	/* Align setuid- and fscaps-based new{g,u}idmap behavior. */
 	if (geteuid() == 0 && geteuid() != ruid) {
 		if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
-			fprintf(stderr, _("%s: Could not prctl(PR_SET_KEEPCAPS)\n"), Prog);
+			fprintf(shadow_logfd, _("%s: Could not prctl(PR_SET_KEEPCAPS)\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 
 		if (seteuid(ruid) < 0) {
-			fprintf(stderr, _("%s: Could not seteuid to %d\n"), Prog, ruid);
+			fprintf(shadow_logfd, _("%s: Could not seteuid to %d\n"), Prog, ruid);
 			exit(EXIT_FAILURE);
 		}
 	}
@@ -177,9 +196,15 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
 	/* Lockdown new{g,u}idmap by dropping all unneeded capabilities. */
 	memset(data, 0, sizeof(data));
 	data[0].effective = CAP_TO_MASK(cap);
+	/*
+	 * When uid 0 from the ancestor userns is supposed to be mapped into
+	 * the child userns we need to retain CAP_SETFCAP.
+	 */
+	if (maps_lower_root(cap, ranges, mappings))
+		data[0].effective |= CAP_TO_MASK(CAP_SETFCAP);
 	data[0].permitted = data[0].effective;
 	if (capset(&hdr, data) < 0) {
-		fprintf(stderr, _("%s: Could not set caps\n"), Prog);
+		fprintf(shadow_logfd, _("%s: Could not set caps\n"), Prog);
 		exit(EXIT_FAILURE);
 	}
 #endif
@@ -197,7 +222,7 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
 			mapping->lower,
 			mapping->count);
 		if ((written <= 0) || (written >= (bufsize - (pos - buf)))) {
-			fprintf(stderr, _("%s: snprintf failed!\n"), Prog);
+			fprintf(shadow_logfd, _("%s: snprintf failed!\n"), Prog);
 			exit(EXIT_FAILURE);
 		}
 		pos += written;
@@ -206,14 +231,15 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
 	/* Write the mapping to the mapping file */
 	fd = openat(proc_dir_fd, map_file, O_WRONLY);
 	if (fd < 0) {
-		fprintf(stderr, _("%s: open of %s failed: %s\n"),
+		fprintf(shadow_logfd, _("%s: open of %s failed: %s\n"),
 			Prog, map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
 	if (write(fd, buf, pos - buf) != (pos - buf)) {
-		fprintf(stderr, _("%s: write to %s failed: %s\n"),
+		fprintf(shadow_logfd, _("%s: write to %s failed: %s\n"),
 			Prog, map_file, strerror(errno));
 		exit(EXIT_FAILURE);
 	}
 	close(fd);
+	free(buf);
 }

libmisc/idmapping.h

@@ -40,5 +40,7 @@ extern struct map_range *get_map_ranges(int ranges, int argc, char **argv);
 extern void write_mapping(int proc_dir_fd, int ranges,
 	struct map_range *mappings, const char *map_file, uid_t ruid);
 
+extern void nss_init(char *nsswitch_path);
+
 #endif /* _ID_MAPPING_H_ */
 

libmisc/limits.c

@@ -548,7 +548,7 @@ void setup_limits (const struct passwd *info)
 #ifdef LIMITS
 		if (info->pw_uid != 0) {
 			if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) {
-				(void) fputs (_("Too many logins.\n"), stderr);
+				(void) fputs (_("Too many logins.\n"), shadow_logfd);
 				(void) sleep (2); /* XXX: Should be FAIL_DELAY */
 				exit (EXIT_FAILURE);
 			}

libmisc/list.c

@@ -241,6 +241,7 @@ bool is_on_list (char *const *list, const char *member)
 
 	if ('\0' == *members) {
 		*array = (char *) 0;
+		free (members);
 		return array;
 	}
 

libmisc/log.c

@@ -100,9 +100,9 @@ void dolastlog (
 	ll_time = newlog.ll_time;
 	(void) time (&ll_time);
 	newlog.ll_time = ll_time;
-	strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
+	strncpy (newlog.ll_line, line, sizeof (newlog.ll_line) - 1);
 #if HAVE_LL_HOST
-	strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
+	strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
 #endif
 	if (   (lseek (fd, offset, SEEK_SET) != offset)
 	    || (write (fd, (const void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog)

libmisc/myname.c

@@ -62,6 +62,9 @@
 		if ((NULL != pw) && (pw->pw_uid == ruid)) {
 			return pw;
 		}
+		if (NULL != pw) {
+			pw_free (pw);
+		}
 	}
 
 	return xgetpwuid (ruid);

libmisc/obscure.c

@@ -271,6 +271,9 @@ static /*@observer@*//*@null@*/const char *obscure_msg (
 #endif
 #ifdef USE_BCRYPT
 		    || (strcmp (result, "BCRYPT") == 0)
+#endif
+#ifdef USE_YESCRYPT
+		    || (strcmp (result, "YESCRYPT") == 0)
 #endif
 		    ) {
 			return NULL;

libmisc/pam_pass.c

@@ -59,20 +59,20 @@ void do_pam_passwd (const char *user, bool silent, bool change_expired)
 
 	ret = pam_start ("passwd", user, &conv, &pamh);
 	if (ret != PAM_SUCCESS) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("passwd: pam_start() failed, error %d\n"), ret);
 		exit (10);	/* XXX */
 	}
 
 	ret = pam_chauthtok (pamh, flags);
 	if (ret != PAM_SUCCESS) {
-		fprintf (stderr, _("passwd: %s\n"), pam_strerror (pamh, ret));
-		fputs (_("passwd: password unchanged\n"), stderr);
+		fprintf (shadow_logfd, _("passwd: %s\n"), pam_strerror (pamh, ret));
+		fputs (_("passwd: password unchanged\n"), shadow_logfd);
 		pam_end (pamh, ret);
 		exit (10);	/* XXX */
 	}
 
-	fputs (_("passwd: password updated successfully\n"), stderr);
+	fputs (_("passwd: password updated successfully\n"), shadow_logfd);
 	(void) pam_end (pamh, PAM_SUCCESS);
 }
 #else				/* !USE_PAM */

libmisc/pam_pass_non_interactive.c

@@ -76,7 +76,7 @@ static int ni_conv (int num_msg,
 
 		switch (msg[count]->msg_style) {
 		case PAM_PROMPT_ECHO_ON:
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: PAM modules requesting echoing are not supported.\n"),
 			         Prog);
 			goto failed_conversation;
@@ -88,7 +88,7 @@ static int ni_conv (int num_msg,
 			break;
 		case PAM_ERROR_MSG:
 			if (   (NULL == msg[count]->msg)
-			    || (fprintf (stderr, "%s\n", msg[count]->msg) <0)) {
+			    || (fprintf (shadow_logfd, "%s\n", msg[count]->msg) <0)) {
 				goto failed_conversation;
 			}
 			responses[count].resp = NULL;
@@ -101,7 +101,7 @@ static int ni_conv (int num_msg,
 			responses[count].resp = NULL;
 			break;
 		default:
-			(void) fprintf (stderr,
+			(void) fprintf (shadow_logfd,
 			                _("%s: conversation type %d not supported.\n"),
 			                Prog, msg[count]->msg_style);
 			goto failed_conversation;
@@ -143,7 +143,7 @@ int do_pam_passwd_non_interactive (const char *pam_service,
 
 	ret = pam_start (pam_service, username, &non_interactive_pam_conv, &pamh);
 	if (ret != PAM_SUCCESS) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: (user %s) pam_start failure %d\n"),
 		         Prog, username, ret);
 		return 1;
@@ -152,7 +152,7 @@ int do_pam_passwd_non_interactive (const char *pam_service,
 	non_interactive_password = password;
 	ret = pam_chauthtok (pamh, 0);
 	if (ret != PAM_SUCCESS) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: (user %s) pam_chauthtok() failed, error:\n"
 		           "%s\n"),
 		         Prog, username, pam_strerror (pamh, ret));

libmisc/prefix_flag.c

@@ -74,25 +74,31 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
 	 * Parse the command line options.
 	 */
 	int i;
-	const char *prefix = NULL;
+	const char *prefix = NULL, *val;
 
 	for (i = 0; i < argc; i++) {
+		val = NULL;
 		if (   (strcmp (argv[i], "--prefix") == 0)
+		    || ((strncmp (argv[i], "--prefix=", 9) == 0)
+			&& (val = argv[i] + 9))
 		    || (strcmp (argv[i], short_opt) == 0)) {
 			if (NULL != prefix) {
-				fprintf (stderr,
+				fprintf (shadow_logfd,
 				         _("%s: multiple --prefix options\n"),
 				         Prog);
 				exit (E_BAD_ARG);
 			}
 
-			if (i + 1 == argc) {
-				fprintf (stderr,
+			if (val) {
+				prefix = val;
+			} else if (i + 1 == argc) {
+				fprintf (shadow_logfd,
 				         _("%s: option '%s' requires an argument\n"),
 				         Prog, argv[i]);
 				exit (E_BAD_ARG);
+			} else {
+				prefix = argv[++ i];
 			}
-			prefix = argv[i + 1];
 		}
 	}
 
@@ -103,6 +109,12 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
 			return ""; /* if prefix is "/" then we ignore the flag option */
 		/* should we prevent symbolic link from being used as a prefix? */
 
+		if ( prefix[0] != '/') {
+			fprintf (shadow_logfd,
+				 _("%s: prefix must be an absolute path\n"),
+				 Prog);
+			exit (E_BAD_ARG);
+		}
 		size_t len;
 		len = strlen(prefix) + strlen(PASSWD_FILE) + 2;
 		passwd_db_file = xmalloc(len);

libmisc/pwdcheck.c

@@ -51,7 +51,7 @@ void passwd_check (const char *user, const char *passwd, unused const char *prog
 	if (pw_auth (passwd, user, PW_LOGIN, (char *) 0) != 0) {
 		SYSLOG ((LOG_WARN, "incorrect password for `%s'", user));
 		(void) sleep (1);
-		fprintf (stderr, _("Incorrect password for %s.\n"), user);
+		fprintf (shadow_logfd, _("Incorrect password for %s.\n"), user);
 		exit (EXIT_FAILURE);
 	}
 }

libmisc/root_flag.c

@@ -56,25 +56,31 @@ extern void process_root_flag (const char* short_opt, int argc, char **argv)
 	 * Parse the command line options.
 	 */
 	int i;
-	const char *newroot = NULL;
+	const char *newroot = NULL, *val;
 
 	for (i = 0; i < argc; i++) {
+		val = NULL;
 		if (   (strcmp (argv[i], "--root") == 0)
+		    || ((strncmp (argv[i], "--root=", 7) == 0)
+			&& (val = argv[i] + 7))
 		    || (strcmp (argv[i], short_opt) == 0)) {
 			if (NULL != newroot) {
-				fprintf (stderr,
+				fprintf (shadow_logfd,
 				         _("%s: multiple --root options\n"),
 				         Prog);
 				exit (E_BAD_ARG);
 			}
 
-			if (i + 1 == argc) {
-				fprintf (stderr,
+			if (val) {
+				newroot = val;
+			} else if (i + 1 == argc) {
+				fprintf (shadow_logfd,
 				         _("%s: option '%s' requires an argument\n"),
 				         Prog, argv[i]);
 				exit (E_BAD_ARG);
+			} else {
+				newroot = argv[++ i];
 			}
-			newroot = argv[i + 1];
 		}
 	}
 
@@ -88,34 +94,34 @@ static void change_root (const char* newroot)
 	/* Drop privileges */
 	if (   (setregid (getgid (), getgid ()) != 0)
 	    || (setreuid (getuid (), getuid ()) != 0)) {
-		fprintf (stderr, _("%s: failed to drop privileges (%s)\n"),
+		fprintf (shadow_logfd, _("%s: failed to drop privileges (%s)\n"),
 		         Prog, strerror (errno));
 		exit (EXIT_FAILURE);
 	}
 
 	if ('/' != newroot[0]) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: invalid chroot path '%s'\n"),
 		         Prog, newroot);
 		exit (E_BAD_ARG);
 	}
 
 	if (access (newroot, F_OK) != 0) {
-		fprintf(stderr,
+		fprintf(shadow_logfd,
 		        _("%s: cannot access chroot directory %s: %s\n"),
 		        Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
 
 	if (chdir (newroot) != 0) {
-		fprintf(stderr,
+		fprintf(shadow_logfd,
 				_("%s: cannot chdir to chroot directory %s: %s\n"),
 				Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
 
 	if (chroot (newroot) != 0) {
-		fprintf(stderr,
+		fprintf(shadow_logfd,
 		        _("%s: unable to chroot to directory %s: %s\n"),
 		        Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);

libmisc/salt.c

@@ -11,30 +11,100 @@
 
 #ident "$Id$"
 
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdio.h>
 #include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#if HAVE_SYS_RANDOM_H
+#include <sys/random.h>
+#endif
 #include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
 
+#if (defined CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY && \
+     CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY)
+#define USE_XCRYPT_GENSALT 1
+#else
+#define USE_XCRYPT_GENSALT 0
+#endif
+
+/* Add the salt prefix. */
+#define MAGNUM(array,ch)	(array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'
+
+#ifdef USE_BCRYPT
+/* Use $2b$ as prefix for compatibility with OpenBSD's bcrypt. */
+#define BCRYPTMAGNUM(array)	(array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='b',(array)[4]='\0'
+#define BCRYPT_SALT_SIZE 22
+/* Default number of rounds if not explicitly specified.  */
+#define B_ROUNDS_DEFAULT 13
+/* Minimum number of rounds.  */
+#define B_ROUNDS_MIN 4
+/* Maximum number of rounds.  */
+#define B_ROUNDS_MAX 31
+#endif /* USE_BCRYPT */
+
+#ifdef USE_SHA_CRYPT
+/* Fixed salt len for sha{256,512}crypt. */
+#define SHA_CRYPT_SALT_SIZE 16
+/* Default number of rounds if not explicitly specified.  */
+#define SHA_ROUNDS_DEFAULT 5000
+/* Minimum number of rounds.  */
+#define SHA_ROUNDS_MIN 1000
+/* Maximum number of rounds.  */
+#define SHA_ROUNDS_MAX 999999999
+#endif
+
+#ifdef USE_YESCRYPT
+/*
+ * Default number of base64 characters used for the salt.
+ * 24 characters gives a 144 bits (18 bytes) salt. Unlike the more
+ * traditional 128 bits (16 bytes) salt, this 144 bits salt is always
+ * represented by the same number of base64 characters without padding
+ * issue, even with a non-standard base64 encoding scheme.
+ */
+#define YESCRYPT_SALT_SIZE 24
+/* Default cost if not explicitly specified.  */
+#define Y_COST_DEFAULT 5
+/* Minimum cost.  */
+#define Y_COST_MIN 1
+/* Maximum cost.  */
+#define Y_COST_MAX 11
+#endif
+
+/* Fixed salt len for md5crypt. */
+#define MD5_CRYPT_SALT_SIZE 8
+
+/* Generate salt of size salt_size. */
+#define MAX_SALT_SIZE 44
+#define MIN_SALT_SIZE 8
+
+/* Maximum size of the generated salt string. */
+#define GENSALT_SETTING_SIZE 100
+
 /* local function prototypes */
-static void seedRNG (void);
+static long read_random_bytes (void);
+#if !USE_XCRYPT_GENSALT
 static /*@observer@*/const char *gensalt (size_t salt_size);
+#endif /* !USE_XCRYPT_GENSALT */
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
 static long shadow_random (long min, long max);
 #endif /* USE_SHA_CRYPT || USE_BCRYPT */
 #ifdef USE_SHA_CRYPT
-static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds);
+static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *prefered_rounds);
+static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds);
 #endif /* USE_SHA_CRYPT */
 #ifdef USE_BCRYPT
-static /*@observer@*/const char *gensalt_bcrypt (void);
-static /*@observer@*/const char *BCRYPT_salt_rounds (/*@null@*/int *prefered_rounds);
+static /*@observer@*/const unsigned long BCRYPT_get_salt_rounds (/*@null@*/int *prefered_rounds);
+static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long rounds);
 #endif /* USE_BCRYPT */
+#ifdef USE_YESCRYPT
+static /*@observer@*/const unsigned long YESCRYPT_get_salt_cost (/*@null@*/int *prefered_cost);
+static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, unsigned long cost);
+#endif /* USE_YESCRYPT */
 
-#ifndef HAVE_L64A
-static /*@observer@*/char *l64a(long value)
+#if !USE_XCRYPT_GENSALT && !defined(HAVE_L64A)
+static /*@observer@*/char *l64a (long value)
 {
 	static char buf[8];
 	char *s = buf;
@@ -65,40 +135,58 @@ static /*@observer@*/char *l64a(long value)
 
 	*s = '\0';
 
-	return(buf);
+	return buf;
 }
-#endif /* !HAVE_L64A */
+#endif /* !USE_XCRYPT_GENSALT && !defined(HAVE_L64A) */
 
-static void seedRNG (void)
+/* Read sizeof (long) random bytes from /dev/urandom. */
+static long read_random_bytes (void)
 {
-	struct timeval tv;
-	static int seeded = 0;
+	long randval = 0;
 
-	if (0 == seeded) {
-		(void) gettimeofday (&tv, NULL);
-		srandom (tv.tv_sec ^ tv.tv_usec ^ getpid ());
-		seeded = 1;
+#ifdef HAVE_ARC4RANDOM_BUF
+	/* arc4random_buf, if it exists, can never fail.  */
+	arc4random_buf (&randval, sizeof (randval));
+	goto end;
+
+#elif defined(HAVE_GETENTROPY)
+	/* getentropy may exist but lack kernel support.  */
+	if (getentropy (&randval, sizeof (randval))) {
+		goto fail;
 	}
-}
 
-/*
- * Add the salt prefix.
- */
-#define MAGNUM(array,ch)	(array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'
-#ifdef USE_BCRYPT
-/* 
- * Using the Prefix $2a$ to enable an anti-collision safety measure in musl libc.
- * Negatively affects a subset of passwords containing the '\xff' character,
- * which is not valid UTF-8 (so "unlikely to cause much annoyance").
- */
-#define BCRYPTMAGNUM(array)	(array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='a',(array)[4]='\0'
-#endif /* USE_BCRYPT */
+	goto end;
+
+#elif defined(HAVE_GETRANDOM)
+	/* Likewise getrandom.  */
+	if ((size_t) getrandom (&randval, sizeof (randval), 0) != sizeof (randval)) {
+		goto fail;
+	}
+
+	goto end;
+
+#else
+	FILE *f = fopen ("/dev/urandom", "r");
+
+	if (fread (&randval, sizeof (randval), 1, f) != 1) {
+		fclose(f);
+		goto fail;
+	}
+
+	fclose(f);
+	goto end;
+#endif
+
+fail:
+	fprintf (shadow_logfd,
+		 _("Unable to obtain random bytes.\n"));
+	exit (1);
+
+end:
+	return randval;
+}
 
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
-/* It is not clear what is the maximum value of random().
- * We assume 2^31-1.*/
-#define RANDOM_MAX 0x7FFFFFFF
-
 /*
  * Return a random number between min and max (both included).
  *
@@ -108,8 +196,9 @@ static long shadow_random (long min, long max)
 {
 	double drand;
 	long ret;
-	seedRNG ();
-	drand = (double) (max - min + 1) * random () / RANDOM_MAX;
+
+	drand = (double) (read_random_bytes () & RAND_MAX) / (double) RAND_MAX;
+	drand *= (double) (max - min + 1);
 	/* On systems were this is not random() range is lower, we favor
 	 * higher numbers of salt. */
 	ret = (long) (max + 1 - drand);
@@ -122,26 +211,17 @@ static long shadow_random (long min, long max)
 #endif /* USE_SHA_CRYPT || USE_BCRYPT */
 
 #ifdef USE_SHA_CRYPT
-/* Default number of rounds if not explicitly specified.  */
-#define ROUNDS_DEFAULT 5000
-/* Minimum number of rounds.  */
-#define ROUNDS_MIN 1000
-/* Maximum number of rounds.  */
-#define ROUNDS_MAX 999999999
-/*
- * Return a salt prefix specifying the rounds number for the SHA crypt methods.
- */
-static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds)
+/* Return the the rounds number for the SHA crypt methods. */
+static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *prefered_rounds)
 {
-	static char rounds_prefix[18]; /* Max size: rounds=999999999$ */
-	long rounds;
+	unsigned long rounds;
 
 	if (NULL == prefered_rounds) {
 		long min_rounds = getdef_long ("SHA_CRYPT_MIN_ROUNDS", -1);
 		long max_rounds = getdef_long ("SHA_CRYPT_MAX_ROUNDS", -1);
 
 		if ((-1 == min_rounds) && (-1 == max_rounds)) {
-			return "";
+			rounds = SHA_ROUNDS_DEFAULT;
 		}
 
 		if (-1 == min_rounds) {
@@ -156,137 +236,208 @@ static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds
 			max_rounds = min_rounds;
 		}
 
-		rounds = shadow_random (min_rounds, max_rounds);
+		rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
 	} else if (0 == *prefered_rounds) {
-		return "";
+		rounds = SHA_ROUNDS_DEFAULT;
 	} else {
-		rounds = *prefered_rounds;
+		rounds = (unsigned long) *prefered_rounds;
 	}
 
 	/* Sanity checks. The libc should also check this, but this
 	 * protects against a rounds_prefix overflow. */
-	if (rounds < ROUNDS_MIN) {
-		rounds = ROUNDS_MIN;
+	if (rounds < SHA_ROUNDS_MIN) {
+		rounds = SHA_ROUNDS_MIN;
 	}
 
-	if (rounds > ROUNDS_MAX) {
-		rounds = ROUNDS_MAX;
+	if (rounds > SHA_ROUNDS_MAX) {
+		rounds = SHA_ROUNDS_MAX;
 	}
 
-	(void) snprintf (rounds_prefix, sizeof rounds_prefix,
-	                 "rounds=%ld$", rounds);
+	return rounds;
+}
 
-	return rounds_prefix;
+/*
+ * Fill a salt prefix specifying the rounds number for the SHA crypt methods
+ * to a buffer.
+ */
+static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds)
+{
+	const size_t buf_begin = strlen (buf);
+
+	/* Nothing to do here if SHA_ROUNDS_DEFAULT is used. */
+	if (rounds == SHA_ROUNDS_DEFAULT) {
+		return;
+	}
+
+	/*
+	 * Check if the result buffer is long enough.
+	 * We are going to write a maximum of 17 bytes,
+	 * plus one byte for the terminator.
+	 *    rounds=XXXXXXXXX$
+	 *    00000000011111111
+	 *    12345678901234567
+	 */
+	assert (GENSALT_SETTING_SIZE > buf_begin + 17);
+
+	(void) snprintf (buf + buf_begin, 18, "rounds=%lu$", rounds);
 }
 #endif /* USE_SHA_CRYPT */
 
 #ifdef USE_BCRYPT
-/* Default number of rounds if not explicitly specified.  */
-#define B_ROUNDS_DEFAULT 13
-/* Minimum number of rounds.  */
-#define B_ROUNDS_MIN 4
-/* Maximum number of rounds.  */
-#define B_ROUNDS_MAX 31
-/*
- * Return a salt prefix specifying the rounds number for the BCRYPT method.
- */
-static /*@observer@*/const char *BCRYPT_salt_rounds (/*@null@*/int *prefered_rounds)
+/* Return the the rounds number for the BCRYPT method. */
+static /*@observer@*/const unsigned long BCRYPT_get_salt_rounds (/*@null@*/int *prefered_rounds)
 {
-	static char rounds_prefix[4]; /* Max size: 31$ */
-	long rounds;
+	unsigned long rounds;
 
 	if (NULL == prefered_rounds) {
 		long min_rounds = getdef_long ("BCRYPT_MIN_ROUNDS", -1);
 		long max_rounds = getdef_long ("BCRYPT_MAX_ROUNDS", -1);
 
-		if (((-1 == min_rounds) && (-1 == max_rounds)) || (0 == *prefered_rounds)) {
+		if ((-1 == min_rounds) && (-1 == max_rounds)) {
 			rounds = B_ROUNDS_DEFAULT;
-		}
-		else {
+		} else {
 			if (-1 == min_rounds) {
 				min_rounds = max_rounds;
 			}
-	
+
 			if (-1 == max_rounds) {
 				max_rounds = min_rounds;
 			}
-	
+
 			if (min_rounds > max_rounds) {
 				max_rounds = min_rounds;
 			}
-	
-			rounds = shadow_random (min_rounds, max_rounds);
+
+			rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
 		}
+	} else if (0 == *prefered_rounds) {
+		rounds = B_ROUNDS_DEFAULT;
 	} else {
-		rounds = *prefered_rounds;
+		rounds = (unsigned long) *prefered_rounds;
 	}
 
-	/* 
-	 * Sanity checks. 
-	 * Use 19 as an upper bound for now,
-	 * because musl doesn't allow rounds >= 20.
-	 */
+	/* Sanity checks. */
 	if (rounds < B_ROUNDS_MIN) {
 		rounds = B_ROUNDS_MIN;
 	}
 
+#if USE_XCRYPT_GENSALT
+	if (rounds > B_ROUNDS_MAX) {
+		rounds = B_ROUNDS_MAX;
+	}
+#else /* USE_XCRYPT_GENSALT */
+	/*
+	 * Use 19 as an upper bound for now,
+	 * because musl doesn't allow rounds >= 20.
+	 */
 	if (rounds > 19) {
 		/* rounds = B_ROUNDS_MAX; */
 		rounds = 19;
 	}
+#endif /* USE_XCRYPT_GENSALT */
 
-	(void) snprintf (rounds_prefix, sizeof rounds_prefix,
-	                 "%2.2ld$", rounds);
-
-	return rounds_prefix;
+	return rounds;
 }
 
-#define BCRYPT_SALT_SIZE 22
 /*
- *  Generate a 22 character salt string for bcrypt.
+ * Fill a salt prefix specifying the rounds number for the BCRYPT method
+ * to a buffer.
  */
-static /*@observer@*/const char *gensalt_bcrypt (void)
+static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long rounds)
 {
-	static char salt[32];
+	const size_t buf_begin = strlen (buf);
 
-	salt[0] = '\0';
+	/*
+	 * Check if the result buffer is long enough.
+	 * We are going to write three bytes,
+	 * plus one byte for the terminator.
+	 *    XX$
+	 *    000
+	 *    123
+	 */
+	assert (GENSALT_SETTING_SIZE > buf_begin + 3);
 
-	seedRNG ();
-	strcat (salt, l64a (random()));
-	do {
-		strcat (salt, l64a (random()));
-	} while (strlen (salt) < BCRYPT_SALT_SIZE);
-
-	salt[BCRYPT_SALT_SIZE] = '\0';
-
-	return salt;
+	(void) snprintf (buf + buf_begin, 4, "%2.2lu$", rounds);
 }
 #endif /* USE_BCRYPT */
 
-/*
- *  Generate salt of size salt_size.
- */
-#define MAX_SALT_SIZE 16
-#define MIN_SALT_SIZE 8
+#ifdef USE_YESCRYPT
+/* Return the the cost number for the YESCRYPT method. */
+static /*@observer@*/const unsigned long YESCRYPT_get_salt_cost (/*@null@*/int *prefered_cost)
+{
+	unsigned long cost;
 
+	if (NULL == prefered_cost) {
+		cost = getdef_num ("YESCRYPT_COST_FACTOR", Y_COST_DEFAULT);
+	} else if (0 == *prefered_cost) {
+		cost = Y_COST_DEFAULT;
+	} else {
+		cost = (unsigned long) *prefered_cost;
+	}
+
+	/* Sanity checks. */
+	if (cost < Y_COST_MIN) {
+		cost = Y_COST_MIN;
+	}
+
+	if (cost > Y_COST_MAX) {
+		cost = Y_COST_MAX;
+	}
+
+	return cost;
+}
+
+/*
+ * Fill a salt prefix specifying the cost for the YESCRYPT method
+ * to a buffer.
+ */
+static /*@observer@*/void YESCRYPT_salt_cost_to_buf (char *buf, unsigned long cost)
+{
+	const size_t buf_begin = strlen (buf);
+
+	/*
+	 * Check if the result buffer is long enough.
+	 * We are going to write four bytes,
+	 * plus one byte for the terminator.
+	 *    jXX$
+	 *    0000
+	 *    1234
+	 */
+	assert (GENSALT_SETTING_SIZE > buf_begin + 4);
+
+	buf[buf_begin + 0] = 'j';
+	if (cost < 3) {
+		buf[buf_begin + 1] = 0x36 + cost;
+	} else if (cost < 6) {
+		buf[buf_begin + 1] = 0x34 + cost;
+	} else {
+		buf[buf_begin + 1] = 0x3b + cost;
+	}
+	buf[buf_begin + 2] = cost >= 3 ? 'T' : '5';
+	buf[buf_begin + 3] = '$';
+	buf[buf_begin + 4] = '\0';
+}
+#endif /* USE_YESCRYPT */
+
+#if !USE_XCRYPT_GENSALT
 static /*@observer@*/const char *gensalt (size_t salt_size)
 {
-	static char salt[32];
+	static char salt[MAX_SALT_SIZE + 6];
 
-	salt[0] = '\0';
+	memset (salt, '\0', MAX_SALT_SIZE + 6);
 
 	assert (salt_size >= MIN_SALT_SIZE &&
 	        salt_size <= MAX_SALT_SIZE);
-	seedRNG ();
-	strcat (salt, l64a (random()));
+	strcat (salt, l64a (read_random_bytes ()));
 	do {
-		strcat (salt, l64a (random()));
+		strcat (salt, l64a (read_random_bytes ()));
 	} while (strlen (salt) < salt_size);
 
 	salt[salt_size] = '\0';
 
 	return salt;
 }
+#endif /* !USE_XCRYPT_GENSALT */
 
 /*
  * Generate 8 base64 ASCII characters of random salt.  If MD5_CRYPT_ENAB
@@ -296,26 +447,23 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
  * Other methods can be set with ENCRYPT_METHOD
  *
  * The method can be forced with the meth parameter.
- * If NULL, the method will be defined according to the MD5_CRYPT_ENAB and
- * ENCRYPT_METHOD login.defs variables.
+ * If NULL, the method will be defined according to the ENCRYPT_METHOD
+ * variable, and if not set according to the MD5_CRYPT_ENAB variable,
+ * which can both be set inside the login.defs file.
  *
  * If meth is specified, an additional parameter can be provided.
  *  * For the SHA256 and SHA512 method, this specifies the number of rounds
  *    (if not NULL).
+ *  * For the YESCRYPT method, this specifies the cost factor (if not NULL).
  */
 /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const char *meth, /*@null@*/void *arg)
 {
-	/* Max result size for the SHA methods:
-	 *  +3		$5$
-	 *  +17		rounds=999999999$
-	 *  +16		salt
-	 *  +1		\0
-	 */
-	static char result[40];
-	size_t salt_len = 8;
+	static char result[GENSALT_SETTING_SIZE];
+	size_t salt_len = MAX_SALT_SIZE;
 	const char *method;
+	unsigned long rounds = 0;
 
-	result[0] = '\0';
+	memset (result, '\0', GENSALT_SETTING_SIZE);
 
 	if (NULL != meth)
 		method = meth;
@@ -328,46 +476,80 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
 
 	if (0 == strcmp (method, "MD5")) {
 		MAGNUM(result, '1');
+		salt_len = MD5_CRYPT_SALT_SIZE;
+		rounds = 0;
 #ifdef USE_BCRYPT
 	} else if (0 == strcmp (method, "BCRYPT")) {
 		BCRYPTMAGNUM(result);
-		strcat(result, BCRYPT_salt_rounds((int *)arg));
+		salt_len = BCRYPT_SALT_SIZE;
+		rounds = BCRYPT_get_salt_rounds ((int *) arg);
+		BCRYPT_salt_rounds_to_buf (result, rounds);
 #endif /* USE_BCRYPT */
+#ifdef USE_YESCRYPT
+	} else if (0 == strcmp (method, "YESCRYPT")) {
+		MAGNUM(result, 'y');
+		salt_len = YESCRYPT_SALT_SIZE;
+		rounds = YESCRYPT_get_salt_cost ((int *) arg);
+		YESCRYPT_salt_cost_to_buf (result, rounds);
+#endif /* USE_YESCRYPT */
 #ifdef USE_SHA_CRYPT
 	} else if (0 == strcmp (method, "SHA256")) {
 		MAGNUM(result, '5');
-		strcat(result, SHA_salt_rounds((int *)arg));
-		salt_len = (size_t) shadow_random (8, 16);
+		salt_len = SHA_CRYPT_SALT_SIZE;
+		rounds = SHA_get_salt_rounds ((int *) arg);
+		SHA_salt_rounds_to_buf (result, rounds);
 	} else if (0 == strcmp (method, "SHA512")) {
 		MAGNUM(result, '6');
-		strcat(result, SHA_salt_rounds((int *)arg));
-		salt_len = (size_t) shadow_random (8, 16);
+		salt_len = SHA_CRYPT_SALT_SIZE;
+		rounds = SHA_get_salt_rounds ((int *) arg);
+		SHA_salt_rounds_to_buf (result, rounds);
 #endif /* USE_SHA_CRYPT */
 	} else if (0 != strcmp (method, "DES")) {
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 			 _("Invalid ENCRYPT_METHOD value: '%s'.\n"
 			   "Defaulting to DES.\n"),
 			 method);
-		result[0] = '\0';
+		salt_len = MAX_SALT_SIZE;
+		rounds = 0;
+		memset (result, '\0', GENSALT_SETTING_SIZE);
 	}
 
+#if USE_XCRYPT_GENSALT
 	/*
-	 * Concatenate a pseudo random salt.
+	 * Prepare DES setting for crypt_gensalt(), if result
+	 * has not been filled with anything previously.
 	 */
-	assert (sizeof (result) > strlen (result) + salt_len);
-#ifdef USE_BCRYPT
-	if (0 == strcmp (method, "BCRYPT")) {
-		strncat (result, gensalt_bcrypt (),
-				 sizeof (result) - strlen (result) - 1);
-		return result;
-	} else {
-#endif /* USE_BCRYPT */	
-		strncat (result, gensalt (salt_len),
-			 sizeof (result) - strlen (result) - 1);
-#ifdef USE_BCRYPT
+	if ('\0' == result[0]) {
+		/* Avoid -Wunused-but-set-variable. */
+		salt_len = GENSALT_SETTING_SIZE - 1;
+		rounds = 0;
+		memset (result, '.', salt_len);
+		result[salt_len] = '\0';
 	}
-#endif /* USE_BCRYPT */	
+
+	char *retval = crypt_gensalt (result, rounds, NULL, 0);
+
+	/* Should not happen, but... */
+	if (NULL == retval) {
+		fprintf (shadow_logfd,
+			 _("Unable to generate a salt from setting "
+			   "\"%s\", check your settings in "
+			   "ENCRYPT_METHOD and the corresponding "
+			   "configuration for your selected hash "
+			   "method.\n"), result);
+
+		exit (1);
+	}
+
+	return retval;
+#else /* USE_XCRYPT_GENSALT */
+	/* Check if the result buffer is long enough. */
+	assert (GENSALT_SETTING_SIZE > strlen (result) + salt_len);
+
+	/* Concatenate a pseudo random salt. */
+	strncat (result, gensalt (salt_len),
+		 GENSALT_SETTING_SIZE - strlen (result) - 1);
 
 	return result;
+#endif /* USE_XCRYPT_GENSALT */
 }
-

libmisc/setupenv.c

@@ -219,7 +219,7 @@ void setup_env (struct passwd *info)
 		static char temp_pw_dir[] = "/";
 
 		if (!getdef_bool ("DEFAULT_HOME") || chdir ("/") == -1) {
-			fprintf (stderr, _("Unable to cd to '%s'\n"),
+			fprintf (shadow_logfd, _("Unable to cd to '%s'\n"),
 				 info->pw_dir);
 			SYSLOG ((LOG_WARN,
 				 "unable to cd to `%s' for user `%s'\n",

libmisc/user_busy.c

@@ -96,7 +96,7 @@ static int user_busy_utmp (const char *name)
 			continue;
 		}
 
-		fprintf (stderr,
+		fprintf (shadow_logfd,
 		         _("%s: user %s is currently logged in\n"),
 		         Prog, name);
 		return 1;
@@ -249,7 +249,7 @@ static int user_busy_processes (const char *name, uid_t uid)
 #ifdef ENABLE_SUBIDS
 			sub_uid_close();
 #endif
-			fprintf (stderr,
+			fprintf (shadow_logfd,
 			         _("%s: user %s is currently used by process %d\n"),
 			         Prog, name, pid);
 			return 1;
@@ -269,10 +269,11 @@ static int user_busy_processes (const char *name, uid_t uid)
 				}
 				if (check_status (name, task_path+6, uid) != 0) {
 					(void) closedir (proc);
+					(void) closedir (task_dir);
 #ifdef ENABLE_SUBIDS
 					sub_uid_close();
 #endif
-					fprintf (stderr,
+					fprintf (shadow_logfd,
 					         _("%s: user %s is currently used by process %d\n"),
 					         Prog, name, pid);
 					return 1;

libmisc/utmp.c

@@ -257,25 +257,25 @@ static void updwtmpx (const char *filename, const struct utmpx *utx)
 	utent->ut_type = USER_PROCESS;
 #endif				/* HAVE_STRUCT_UTMP_UT_TYPE */
 	utent->ut_pid = getpid ();
-	strncpy (utent->ut_line, line,      sizeof (utent->ut_line));
+	strncpy (utent->ut_line, line,      sizeof (utent->ut_line) - 1);
 #ifdef HAVE_STRUCT_UTMP_UT_ID
 	if (NULL != ut) {
 		strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id));
 	} else {
 		/* XXX - assumes /dev/tty?? */
-		strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id));
+		strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id) - 1);
 	}
 #endif				/* HAVE_STRUCT_UTMP_UT_ID */
 #ifdef HAVE_STRUCT_UTMP_UT_NAME
 	strncpy (utent->ut_name, name,      sizeof (utent->ut_name));
 #endif				/* HAVE_STRUCT_UTMP_UT_NAME */
 #ifdef HAVE_STRUCT_UTMP_UT_USER
-	strncpy (utent->ut_user, name,      sizeof (utent->ut_user));
+	strncpy (utent->ut_user, name,      sizeof (utent->ut_user) - 1);
 #endif				/* HAVE_STRUCT_UTMP_UT_USER */
 	if (NULL != hostname) {
 		struct addrinfo *info = NULL;
 #ifdef HAVE_STRUCT_UTMP_UT_HOST
-		strncpy (utent->ut_host, hostname, sizeof (utent->ut_host));
+		strncpy (utent->ut_host, hostname, sizeof (utent->ut_host) - 1);
 #endif				/* HAVE_STRUCT_UTMP_UT_HOST */
 #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
 		utent->ut_syslen = MIN (strlen (hostname),

libmisc/xgetXXbyYY.c

@@ -74,7 +74,7 @@
 
 	result = malloc(sizeof(LOOKUP_TYPE));
 	if (NULL == result) {
-		fprintf (stderr, _("%s: out of memory\n"),
+		fprintf (shadow_logfd, _("%s: out of memory\n"),
 		         "x" STRINGIZE(FUNCTION_NAME));
 		exit (13);
 	}
@@ -84,7 +84,7 @@
 		LOOKUP_TYPE *resbuf = NULL;
 		buffer = (char *)realloc (buffer, length);
 		if (NULL == buffer) {
-			fprintf (stderr, _("%s: out of memory\n"),
+			fprintf (shadow_logfd, _("%s: out of memory\n"),
 			         "x" STRINGIZE(FUNCTION_NAME));
 			exit (13);
 		}
@@ -132,7 +132,7 @@
 	if (result) {
 		result = DUP_FUNCTION(result);
 		if (NULL == result) {
-			fprintf (stderr, _("%s: out of memory\n"),
+			fprintf (shadow_logfd, _("%s: out of memory\n"),
 			         "x" STRINGIZE(FUNCTION_NAME));
 			exit (13);
 		}

libmisc/xmalloc.c

@@ -54,7 +54,7 @@
 
 	ptr = (char *) malloc (size);
 	if (NULL == ptr) {
-		(void) fprintf (stderr,
+		(void) fprintf (shadow_logfd,
 		                _("%s: failed to allocate memory: %s\n"),
 		                Prog, strerror (errno));
 		exit (13);
@@ -66,3 +66,10 @@
 {
 	return strcpy (xmalloc (strlen (str) + 1), str);
 }
+
+void xfree(void *ap)
+{
+	if (ap) {
+		free(ap);
+	}
+}

libsubid/Makefile.am

@@ -0,0 +1,29 @@
+lib_LTLIBRARIES = libsubid.la
+libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
+	-shared -version-info @LIBSUBID_ABI_MAJOR@
+libsubid_la_SOURCES = api.c
+
+pkginclude_HEADERS = subid.h
+
+MISCLIBS = \
+	$(LIBAUDIT) \
+	$(LIBSELINUX) \
+	$(LIBSEMANAGE) \
+	$(LIBCRYPT_NOPAM) \
+	$(LIBSKEY) \
+	$(LIBMD) \
+	$(LIBECONF) \
+	$(LIBCRYPT) \
+	$(LIBACL) \
+	$(LIBATTR) \
+	$(LIBTCB)
+
+libsubid_la_LIBADD = \
+	$(top_srcdir)/lib/libshadow.la \
+	$(top_srcdir)/libmisc/libmisc.la \
+	$(MISCLIBS) -ldl
+
+AM_CPPFLAGS = \
+	-I${top_srcdir}/lib \
+	-I${top_srcdir}/libmisc \
+	-DLOCALEDIR=\"$(datadir)/locale\"

libsubid/api.c

@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2020 Serge Hallyn
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ *    endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <pwd.h>
+#include <stdbool.h>
+#include "subordinateio.h"
+#include "idmapping.h"
+#include "subid.h"
+
+const char *Prog = "(libsubid)";
+FILE *shadow_logfd;
+
+bool libsubid_init(const char *progname, FILE * logfd)
+{
+	if (progname) {
+		progname = strdup(progname);
+		if (progname)
+			Prog = progname;
+		else
+			return false;
+	}
+
+	if (logfd) {
+		shadow_logfd = logfd;
+		return true;
+	}
+	shadow_logfd = fopen("/dev/null", "w");
+	if (!shadow_logfd) {
+		shadow_logfd = stderr;
+		return false;
+	}
+	return true;
+}
+
+static
+int get_subid_ranges(const char *owner, enum subid_type id_type, struct subid_range **ranges)
+{
+	return list_owner_ranges(owner, id_type, ranges);
+}
+
+int get_subuid_ranges(const char *owner, struct subid_range **ranges)
+{
+	return get_subid_ranges(owner, ID_TYPE_UID, ranges);
+}
+
+int get_subgid_ranges(const char *owner, struct subid_range **ranges)
+{
+	return get_subid_ranges(owner, ID_TYPE_GID, ranges);
+}
+
+static
+int get_subid_owner(unsigned long id, enum subid_type id_type, uid_t **owner)
+{
+	return find_subid_owners(id, id_type, owner);
+}
+
+int get_subuid_owners(uid_t uid, uid_t **owner)
+{
+	return get_subid_owner((unsigned long)uid, ID_TYPE_UID, owner);
+}
+
+int get_subgid_owners(gid_t gid, uid_t **owner)
+{
+	return get_subid_owner((unsigned long)gid, ID_TYPE_GID, owner);
+}
+
+static
+bool grant_subid_range(struct subordinate_range *range, bool reuse,
+		       enum subid_type id_type)
+{
+	return new_subid_range(range, id_type, reuse);
+}
+
+bool grant_subuid_range(struct subordinate_range *range, bool reuse)
+{
+	return grant_subid_range(range, reuse, ID_TYPE_UID);
+}
+
+bool grant_subgid_range(struct subordinate_range *range, bool reuse)
+{
+	return grant_subid_range(range, reuse, ID_TYPE_GID);
+}
+
+static
+bool ungrant_subid_range(struct subordinate_range *range, enum subid_type id_type)
+{
+	return release_subid_range(range, id_type);
+}
+
+bool ungrant_subuid_range(struct subordinate_range *range)
+{
+	return ungrant_subid_range(range, ID_TYPE_UID);
+}
+
+bool ungrant_subgid_range(struct subordinate_range *range)
+{
+	return ungrant_subid_range(range, ID_TYPE_GID);
+}

libsubid/subid.h

@@ -0,0 +1,151 @@
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdbool.h>
+
+#ifndef SUBID_RANGE_DEFINED
+#define SUBID_RANGE_DEFINED 1
+
+/* subid_range is just a starting point and size of a range */
+struct subid_range {
+	unsigned long start;
+	unsigned long count;
+};
+
+/* subordinage_range is a subid_range plus an owner, representing
+ * a range in /etc/subuid or /etc/subgid */
+struct subordinate_range {
+	const char *owner;
+	unsigned long start;
+	unsigned long count;
+};
+
+enum subid_type {
+	ID_TYPE_UID = 1,
+	ID_TYPE_GID = 2
+};
+
+enum subid_status {
+	SUBID_STATUS_SUCCESS = 0,
+	SUBID_STATUS_UNKNOWN_USER = 1,
+	SUBID_STATUS_ERROR_CONN = 2,
+	SUBID_STATUS_ERROR = 3,
+};
+
+/*
+ * libsubid_init: initialize libsubid
+ *
+ * @progname: Name to display as program.  If NULL, then "(libsubid)" will be
+ *            shown in error messages.
+ * @logfd:    Open file pointer to pass error messages to.  If NULL, then
+ *            /dev/null will be opened and messages will be sent there.  The
+ *            default if libsubid_init() is not called is stderr (2).
+ *
+ * This function does not need to be called.  If not called, then the defaults
+ * will be used.
+ *
+ * Returns false if an error occurred.
+ */
+bool libsubid_init(const char *progname, FILE *logfd);
+
+/*
+ * get_subuid_ranges: return a list of UID ranges for a user
+ *
+ * @owner: username being queried
+ * @ranges: a pointer to an array of subid_range structs in which the result
+ *          will be returned.
+ *
+ * The caller must free(ranges) when done.
+ *
+ * returns: number of ranges found, ir < 0 on error.
+ */
+int get_subuid_ranges(const char *owner, struct subid_range **ranges);
+
+/*
+ * get_subgid_ranges: return a list of GID ranges for a user
+ *
+ * @owner: username being queried
+ * @ranges: a pointer to an array of subid_range structs in which the result
+ *          will be returned.
+ *
+ * The caller must free(ranges) when done.
+ *
+ * returns: number of ranges found, ir < 0 on error.
+ */
+int get_subgid_ranges(const char *owner, struct subid_range **ranges);
+
+/*
+ * get_subuid_owners: return a list of uids to which the given uid has been
+ *                    delegated.
+ *
+ * @uid: The subuid being queried
+ * @owners: a pointer to an array of uids into which the results are placed.
+ *          The returned array must be freed by the caller.
+ *
+ * Returns the number of uids returned, or < 0 on error.
+ */
+int get_subuid_owners(uid_t uid, uid_t **owner);
+
+/*
+ * get_subgid_owners: return a list of uids to which the given gid has been
+ *                    delegated.
+ *
+ * @uid: The subgid being queried
+ * @owners: a pointer to an array of uids into which the results are placed.
+ *          The returned array must be freed by the caller.
+ *
+ * Returns the number of uids returned, or < 0 on error.
+ */
+int get_subgid_owners(gid_t gid, uid_t **owner);
+
+/*
+ * grant_subuid_range: assign a subuid range to a user
+ *
+ * @range: pointer to a struct subordinate_range detailing the UID range
+ *         to allocate.  ->owner must be the username, and ->count must be
+ *         filled in.  ->start is ignored, and will contain the start
+ *         of the newly allocated range, upon success.
+ *
+ * Returns true if the delegation succeeded, false otherwise.  If true,
+ * then the range from (range->start, range->start + range->count) will
+ * be delegated to range->owner.
+ */
+bool grant_subuid_range(struct subordinate_range *range, bool reuse);
+
+/*
+ * grant_subsid_range: assign a subgid range to a user
+ *
+ * @range: pointer to a struct subordinate_range detailing the GID range
+ *         to allocate.  ->owner must be the username, and ->count must be
+ *         filled in.  ->start is ignored, and will contain the start
+ *         of the newly allocated range, upon success.
+ *
+ * Returns true if the delegation succeeded, false otherwise.  If true,
+ * then the range from (range->start, range->start + range->count) will
+ * be delegated to range->owner.
+ */
+bool grant_subgid_range(struct subordinate_range *range, bool reuse);
+
+/*
+ * ungrant_subuid_range: remove a subuid allocation.
+ *
+ * @range: pointer to a struct subordinate_range detailing the UID allocation
+ *         to remove.
+ *
+ * Returns true if successful, false if it failed, for instance if the
+ * delegation did not exist.
+ */
+bool ungrant_subuid_range(struct subordinate_range *range);
+
+/*
+ * ungrant_subuid_range: remove a subgid allocation.
+ *
+ * @range: pointer to a struct subordinate_range detailing the GID allocation
+ *         to remove.
+ *
+ * Returns true if successful, false if it failed, for instance if the
+ * delegation did not exist.
+ */
+bool ungrant_subgid_range(struct subordinate_range *range);
+
+#define SUBID_NFIELDS 3
+#endif

man/Makefile.am

@@ -136,6 +136,8 @@ login_defs_v = \
 	FAKE_SHELL.xml \
 	FTMP_FILE.xml \
 	GID_MAX.xml \
+	HMAC_CRYPTO_ALGO.xml \
+	HOME_MODE.xml \
 	HUSHLOGIN_FILE.xml \
 	ISSUE_FILE.xml \
 	KILLCHAR.xml \
@@ -152,6 +154,7 @@ login_defs_v = \
 	MD5_CRYPT_ENAB.xml \
 	MOTD_FILE.xml \
 	NOLOGINS_FILE.xml \
+	NONEXISTENT.xml \
 	OBSCURE_CHECKS_ENAB.xml \
 	PASS_ALWAYS_WARN.xml \
 	PASS_CHANGE_TRIES.xml \

man/chage.1.xml

@@ -102,6 +102,9 @@
 	    Set the number of days since January 1st, 1970 when the password
 	    was last changed. The date may also be expressed in the format
 	    YYYY-MM-DD (or the format more commonly used in your area).
+	    If the <replaceable>LAST_DAY</replaceable> is set to
+	    <emphasis>0</emphasis> the user is forced to change his password
+	    on the next log on.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -118,6 +121,13 @@
 	    contact the system administrator before being able to use the
 	    system again.
 	  </para>
+	  <para>
+	    For example the following can be used to set an account to expire
+	    in 180 days:
+	  </para>
+	  <programlisting>
+	    chage -E $(date -d +180days +%Y-%m-%d)
+	  </programlisting>
 	  <para>
 	    Passing the number <emphasis remap='I'>-1</emphasis> as the
 	    <replaceable>EXPIRE_DATE</replaceable> will remove an account
@@ -239,6 +249,18 @@
       The <command>chage</command> program requires a shadow password file to
       be available.
     </para>
+    <para>
+      The chage program will report only the information from the shadow
+      password file. This implies that configuration from other sources
+      (e.g. LDAP or empty password hash field from the passwd file) that
+      affect the user's login will not be shown in the chage output.
+    </para>
+    <para>
+      The <command>chage</command> program will also not report any
+      inconsistency between the shadow and passwd files (e.g. missing x in
+      the passwd file). The <command>pwck</command> can be used to check
+      for this kind of inconsistencies.
+    </para>
     <para>The <command>chage</command> command is restricted to the root
       user, except for the <option>-l</option> option, which may be used by
       an unprivileged user to determine when their password or account is due

man/groupadd.8.xml

@@ -229,6 +229,22 @@
 	  </para>
 	</listitem>
       </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>-U</option>, <option>--users</option>
+	</term>
+	<listitem>
+	  <para>
+	    A list of usernames to add as members of the group.
+	  </para>
+	  <para>
+	    The default behavior (if the <option>-g</option>,
+	    <option>-N</option>, and <option>-U</option> options are not
+	    specified) is defined by the <option>USERGROUPS_ENAB</option>
+	    variable in <filename>/etc/login.defs</filename>.
+	  </para>
+	</listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
@@ -318,13 +334,13 @@
 	<varlistentry>
 	  <term><replaceable>4</replaceable></term>
 	  <listitem>
-	    <para>GID not unique (when <option>-o</option> not used)</para>
+	    <para>GID is already used (when called without <option>-o</option>)</para>
 	  </listitem>
 	</varlistentry>
 	<varlistentry>
 	  <term><replaceable>9</replaceable></term>
 	  <listitem>
-	    <para>group name not unique</para>
+	    <para>group name is already used</para>
 	  </listitem>
 	</varlistentry>
 	<varlistentry>

man/groupdel.8.xml

@@ -91,6 +91,17 @@
       are:
     </para>
     <variablelist remap='IP'>
+      <varlistentry>
+	<term>
+	  <option>-f</option>, <option>--force</option>
+	</term>
+	<listitem>
+	  <para>
+      This option forces the removal of the group, even if there's some user
+      having the group as the primary one.
+	  </para>
+	</listitem>
+      </varlistentry>
       <varlistentry>
 	<term><option>-h</option>, <option>--help</option></term>
 	<listitem>

man/groupmod.8.xml

@@ -93,6 +93,15 @@
     </para>
     <variablelist remap='IP'>
       <varlistentry>
+	<term>
+	  <option>-a</option>, <option>--append</option>&nbsp;<replaceable>GID</replaceable>
+	</term>
+	<listitem>
+      <para>If group members are specified with -U, append them to the existing
+            member list, rather than replacing it.</para>
+    </listitem>
+    </varlistentry>
+    <varlistentry>
 	<term>
 	  <option>-g</option>, <option>--gid</option>&nbsp;<replaceable>GID</replaceable>
 	</term>
@@ -203,6 +212,22 @@
 	  </para>
 	</listitem>
       </varlistentry>
+      <varlistentry>
+	<term>
+	  <option>-U</option>, <option>--users</option>
+	</term>
+	<listitem>
+	  <para>
+	    A list of usernames to add as members of the group.
+	  </para>
+	  <para>
+	    The default behavior (if the <option>-g</option>,
+	    <option>-N</option>, and <option>-U</option> options are not
+	    specified) is defined by the <option>USERGROUPS_ENAB</option>
+	    variable in <filename>/etc/login.defs</filename>.
+	  </para>
+	</listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
@@ -274,7 +299,7 @@
 	<varlistentry>
 	  <term><replaceable>4</replaceable></term>
 	  <listitem>
-	    <para>E_GID_IN_USE: specified group doesn't exist</para>
+	    <para>E_GID_IN_USE: group id already in use</para>
 	  </listitem>
 	</varlistentry>
 	<varlistentry>

man/grpck.8.xml

@@ -34,7 +34,6 @@
 <!-- SHADOW-CONFIG-HERE -->
 ]>
 <refentry id='grpck.8'>
-  <!-- $Id$ -->
   <refentryinfo>
     <author>
       <firstname>Julianne Frances</firstname>
@@ -192,6 +191,17 @@
 	  </para>
 	</listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>-S</option>, <option>--silence-warnings</option></term>
+        <listitem>
+          <para>
+            Suppress more controversial warnings, in particular warnings about
+            inconsistency between group members listed in
+            <filename>/etc/group</filename> and
+            <filename>/etc/ghadow</filename>.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
     <para>
       By default, <command>grpck</command> operates on

man/lastlog.8.xml

@@ -233,5 +233,12 @@
       is no entries for users with UID between 170 and 800 lastlog will appear
       to hang as it processes entries with UIDs 171-799).
     </para>
+    <para>
+      Having high UIDs can create problems when handling the <term><filename>
+      /var/log/lastlog</filename></term> with external tools. Although the
+      actual file is sparse and does not use too much space, certain
+      applications are not designed to identify sparse files by default and may
+      require a specific option to handle them.
+    </para>
   </refsect1>
 </refentry>

man/login.defs.5.xml

@@ -50,6 +50,7 @@
 <!ENTITY FAKE_SHELL            SYSTEM "login.defs.d/FAKE_SHELL.xml">
 <!ENTITY FTMP_FILE             SYSTEM "login.defs.d/FTMP_FILE.xml">
 <!ENTITY GID_MAX               SYSTEM "login.defs.d/GID_MAX.xml">
+<!ENTITY HMAC_CRYPTO_ALGO      SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
 <!ENTITY HOME_MODE             SYSTEM "login.defs.d/HOME_MODE.xml">
 <!ENTITY HUSHLOGIN_FILE        SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
 <!ENTITY ISSUE_FILE            SYSTEM "login.defs.d/ISSUE_FILE.xml">
@@ -67,6 +68,7 @@
 <!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
 <!ENTITY MOTD_FILE             SYSTEM "login.defs.d/MOTD_FILE.xml">
 <!ENTITY NOLOGINS_FILE         SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+<!ENTITY NONEXISTENT           SYSTEM "login.defs.d/NONEXISTENT.xml">
 <!ENTITY OBSCURE_CHECKS_ENAB   SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
 <!ENTITY PASS_ALWAYS_WARN      SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
 <!ENTITY PASS_CHANGE_TRIES     SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
@@ -186,6 +188,7 @@
       &FAKE_SHELL;
       &FTMP_FILE;
       &GID_MAX; <!-- documents also GID_MIN -->
+      &HMAC_CRYPTO_ALGO;
       &HOME_MODE;
       &HUSHLOGIN_FILE;
       &ISSUE_FILE;
@@ -203,6 +206,7 @@
       &MD5_CRYPT_ENAB;
       &MOTD_FILE;
       &NOLOGINS_FILE;
+      &NONEXISTENT;
       &OBSCURE_CHECKS_ENAB;
       &PASS_ALWAYS_WARN;
       &PASS_CHANGE_TRIES;

man/login.defs.d/ENCRYPT_METHOD.xml

@@ -39,6 +39,9 @@
       <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
       <replaceable>SHA256</replaceable>,
       <replaceable>SHA512</replaceable></phrase>.
+      MD5 and DES should not be used for new hashes, see
+      <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum>
+      for recommendations.
     </para>
     <para>
       Note: this parameter overrides the <option>MD5_CRYPT_ENAB</option>

man/login.defs.d/HMAC_CRYPTO_ALGO.xml

@@ -0,0 +1,44 @@
+<!--
+   Copyright (c) 1991 - 1993, Julianne Frances Haugh
+   Copyright (c) 1991 - 1993, Chip Rosenthal
+   Copyright (c) 2007 - 2008, Nicolas François
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   3. The name of the copyright holders or contributors may not be used to
+      endorse or promote products derived from this software without
+      specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<varlistentry condition="no_pam">
+  <term><option>HMAC_CRYPTO_ALGO</option> (string)</term>
+  <listitem>
+    <para>
+      Used to select the HMAC cryptography algorithm that the pam_timestamp
+      module is going to use to calculate the keyed-hash message authentication
+      code.
+    </para>
+    <para>
+      Note: Check <refentrytitle>hmac</refentrytitle><manvolnum>3</manvolnum>
+      to see the possible algorithms that are available in your system.
+    </para>
+  </listitem>
+</varlistentry>

man/login.defs.d/NONEXISTENT.xml

@@ -0,0 +1,41 @@
+<!--
+   Copyright (c) 1991 - 1993, Julianne Frances Haugh
+   Copyright (c) 1991 - 1993, Chip Rosenthal
+   Copyright (c) 2007 - 2009, Nicolas François
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   3. The name of the copyright holders or contributors may not be used to
+      endorse or promote products derived from this software without
+      specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<varlistentry>
+  <term><option>NONEXISTENT</option> (string)</term>
+  <listitem>
+    <para>
+      If a system account intentionally does not have a home directory
+      that exists, this string can be provided in the /etc/passwd
+      entry for the account to indicate this.  The result is that pwck
+      will not emit a spurious warning for this account.
+    </para>
+  </listitem>
+</varlistentry>

man/login.defs.d/PASS_MIN_DAYS.xml

@@ -34,7 +34,7 @@
     <para>
       The minimum number of days allowed between password changes.  Any
       password changes attempted sooner than this will be rejected. If not
-      specified, -1 will be assumed (which disables the restriction).
+      specified, 0 will be assumed (which disables the restriction).
     </para>
   </listitem>
 </varlistentry>

man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml

@@ -44,7 +44,7 @@
     </para>
     <para>
       If not specified, the libc will choose the default number of rounds
-      (5000).
+      (5000), which is orders of magnitude too low for modern hardware.
     </para>
     <para>
       The values must be inside the 1000-999,999,999 range.

man/newgidmap.1.xml

@@ -87,9 +87,15 @@
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
     <para>
-      The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its
-      command line arguments and the gids allowed in <filename>/etc/subgid</filename>.
-      Note that the root user is not exempted from the requirement for a valid
+      The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename>
+      based on its command line arguments and the gids allowed. Subgid
+      delegation can either be managed via <filename>/etc/subgid</filename>
+      or through the configured NSS subid module. These options are mutually
+      exclusive.
+    </para>
+
+    <para>
+      Note that the root group is not exempted from the requirement for a valid
       <filename>/etc/subgid</filename> entry.
     </para>
 
@@ -127,7 +133,7 @@
       <command>newgidmap</command> verifies that the caller is the owner
       of the process indicated by <option>pid</option> and that for each
       of the above sets, each of the GIDs in the range [lowergid,
-      lowergid+count] is allowed to the caller according to
+      lowergid+count) is allowed to the caller according to
       <filename>/etc/subgid</filename> before setting
       <filename>/proc/[pid]/gid_map</filename>.
     </para>

man/newuidmap.1.xml

@@ -87,8 +87,14 @@
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
     <para>
-      The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its
-      command line arguments and the uids allowed in <filename>/etc/subuid</filename>.
+      The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename>
+      based on its command line arguments and the uids allowed. Subuid
+      delegation can either be managed via <filename>/etc/subuid</filename> or
+      through the configured NSS subid module. These options are mutually
+      exclusive.
+    </para>
+
+    <para>
       Note that the root user is not exempted from the requirement for a valid
       <filename>/etc/subuid</filename> entry.
     </para>
@@ -127,7 +133,7 @@
       <command>newuidmap</command> verifies that the caller is the owner
       of the process indicated by <option>pid</option> and that for each
       of the above sets, each of the UIDs in the range [loweruid,
-      loweruid+count] is allowed to the caller according to
+      loweruid+count) is allowed to the caller according to
       <filename>/etc/subuid</filename> before setting
       <filename>/proc/[pid]/uid_map</filename>.
     </para>

man/newusers.8.xml

@@ -219,7 +219,15 @@
 	  <para>
 	    If this field does not specify an existing directory, the
 	    specified directory is created, with ownership set to the
-	    user being created or updated and its primary group.
+	    user being created or updated and its primary group. Note
+	    that <emphasis>newusers does not create parent directories
+	    </emphasis> of the new user's home directory. The newusers
+	    command will fail to create the home directory if the parent
+	    directories do not exist, and will send a message to stderr
+	    informing the user of the failure. The newusers command will
+	    not halt or return a failure to the calling shell if it fails
+	    to create the home directory, it will continue to process the
+	    batch of new users specified.
 	  </para>
 	  <para>
 	    If the home directory of an existing user is changed,

man/passwd.5.xml

@@ -136,9 +136,12 @@
       (but the user may log in the system by other means).
     </para>
     <para>
-      The comment field is used by various system utilities, such as
+      The comment field, also known as the gecos field, is used by
+      various system utilities, such as
       <citerefentry><refentrytitle>finger</refentrytitle>
-      <manvolnum>1</manvolnum></citerefentry>.
+      <manvolnum>1</manvolnum></citerefentry>. The use of an ampersand
+      here will be replaced by the capitalised login name when the field
+      is used or displayed by such system utilities.
     </para>
 
     <para>

man/po/de.po

@@ -1005,10 +1005,10 @@ msgstr ""
 
 #: usermod.8.xml:327(para) chsh.1.xml:123(para)
 msgid ""
-"The name of the user's new login shell. Setting this field to blank causes "
+"The path of the user's new login shell. Setting this field to blank causes "
 "the system to select the default login shell."
 msgstr ""
-"Der Name der neuen Anmelde-Shell des Benutzers. Falls dieses Feld leer "
+"Der Pfad der neuen Anmelde-Shell des Benutzers. Falls dieses Feld leer "
 "gelassen wird, verwendet das System die Standard-Anmelde-Shell."
 
 #: usermod.8.xml:334(term) useradd.8.xml:471(term)

man/po/zh_CN.po

@@ -334,7 +334,7 @@ msgstr "<option>-h</option>, <option>--help</option>"
 #: expiry.1.xml:114(para) chsh.1.xml:103(para) chpasswd.8.xml:173(para)
 #: chgpasswd.8.xml:133(para) chfn.1.xml:169(para) chage.1.xml:131(para)
 msgid "Display help message and exit."
-msgstr "现实帮助信息并退出。"
+msgstr "显示帮助信息并退出。"
 
 #: vipw.8.xml:126(term)
 msgid "<option>-p</option>, <option>--passwd</option>"
@@ -1166,7 +1166,7 @@ msgstr ""
 
 #: usermod.8.xml:464(para)
 msgid "The new SELinux user for the user's login."
-msgstr "用户登陆的 SELinux 用户。"
+msgstr "用户登录的 SELinux 用户。"
 
 #: usermod.8.xml:467(para)
 msgid ""
@@ -2040,9 +2040,9 @@ msgid ""
 "<replaceable>HOME_DIR</replaceable> does not have to exist but will not be "
 "created if it is missing."
 msgstr ""
-"将创建新用户，并使用 <replaceable>HOME_DIR</replaceable> 作为用户登陆目录的"
+"将创建新用户，并使用 <replaceable>HOME_DIR</replaceable> 作为用户登录目录的"
 "值。默认值是将 <replaceable>LOGIN</replaceable> 名附加到 "
-"<replaceable>BASE_DIR</replaceable> 后面，并使用这作为登陆目录。目录不一定必"
+"<replaceable>BASE_DIR</replaceable> 后面，并使用这作为登录目录。目录不一定必"
 "须已经存在 <replaceable>HOME_DIR</replaceable>，但是会在需要时创建。"
 
 #: useradd.8.xml:178(term)
@@ -2086,7 +2086,7 @@ msgid ""
 "The group name or number of the user's initial login group. The group name "
 "must exist. A group number must refer to an already existing group."
 msgstr ""
-"用户初始登陆组的组名或号码。组名必须已经存在。组号码必须指代已经存在的组。"
+"用户初始登录组的组名或号码。组名必须已经存在。组号码必须指代已经存在的组。"
 
 #: useradd.8.xml:233(para)
 msgid ""
@@ -2385,7 +2385,7 @@ msgid ""
 "The SELinux user for the user's login. The default is to leave this field "
 "blank, which causes the system to select the default SELinux user."
 msgstr ""
-"用户登陆的 SELinux 用户。默认为留空，这会造成系统选择默认的 SELinux 用户。"
+"用户登录的 SELinux 用户。默认为留空，这会造成系统选择默认的 SELinux 用户。"
 
 #: useradd.8.xml:520(title)
 msgid "Changing the default values"
@@ -3616,7 +3616,7 @@ msgstr "<option>MAIL_CHECK_ENAB</option> (boolean)"
 
 #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para)
 msgid "Enable checking and display of mailbox status upon login."
-msgstr "启用登录时检查和现实邮箱状态。"
+msgstr "启用登录时检查和显示邮箱状态。"
 
 #: su.1.xml:37(para) login.defs.5.xml:37(para) login.1.xml:37(para)
 msgid ""
@@ -6254,7 +6254,7 @@ msgstr "<option>ISSUE_FILE</option> (string)"
 
 #: login.defs.5.xml:34(para) login.1.xml:34(para)
 msgid "If defined, this file will be displayed before each login prompt."
-msgstr "如果定义了，此文件将在每次的登录提示之前现实。"
+msgstr "如果定义了，此文件将在每次的登录提示之前显示。"
 
 #: login.defs.5.xml:32(term) login.1.xml:32(term)
 msgid "<option>KILLCHAR</option> (number)"
@@ -6980,7 +6980,7 @@ msgstr "$HOME/.hushlogin"
 
 #: login.1.xml:385(para)
 msgid "Suppress printing of system messages."
-msgstr "阻止现实系统信息。"
+msgstr "阻止显示系统信息。"
 
 #: login.1.xml:399(para)
 msgid ""
@@ -7313,7 +7313,7 @@ msgstr ""
 msgid ""
 "Print the lastlog records more recent than <emphasis remap=\"I\">DAYS</"
 "emphasis>."
-msgstr "只现实新于 <emphasis remap=\"I\">DAYS</emphasis> 的最近登录记录。"
+msgstr "只显示新于 <emphasis remap=\"I\">DAYS</emphasis> 的最近登录记录。"
 
 #: lastlog.8.xml:160(term) faillog.8.xml:202(term)
 msgid ""
@@ -7325,7 +7325,7 @@ msgstr ""
 
 #: lastlog.8.xml:164(para)
 msgid "Print the lastlog record of the specified user(s)."
-msgstr "现实指定用户的最近登录记录。"
+msgstr "显示指定用户的最近登录记录。"
 
 #: lastlog.8.xml:167(para) faillog.8.xml:211(para)
 msgid ""
@@ -7650,7 +7650,7 @@ msgstr "groups"
 
 #: groups.1.xml:65(refpurpose)
 msgid "display current group names"
-msgstr "现实当前组名"
+msgstr "显示当前组名"
 
 #: groups.1.xml:72(replaceable)
 msgid "user"
@@ -9186,7 +9186,7 @@ msgstr ""
 
 #: chage.1.xml:158(para)
 msgid "Show account aging information."
-msgstr "现实账户年龄信息。"
+msgstr "显示账户年龄信息。"
 
 #: chage.1.xml:164(term)
 msgid ""

man/pwck.8.xml

@@ -30,6 +30,7 @@
 -->
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY NONEXISTENT           SYSTEM "login.defs.d/NONEXISTENT.xml">
 <!ENTITY PASS_MAX_DAYS         SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
 <!ENTITY PASS_MIN_DAYS         SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
 <!ENTITY PASS_WARN_AGE         SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
@@ -266,6 +267,7 @@
       tool:
     </para>
     <variablelist>
+      &NONEXISTENT;
       &PASS_MAX_DAYS;
       &PASS_MIN_DAYS;
       &PASS_WARN_AGE;

man/shadow.5.xml

@@ -129,7 +129,7 @@
 	<listitem>
 	  <para>
 	    The date of the last password change, expressed as the number
-	    of days since Jan 1, 1970.
+	    of days since Jan 1, 1970 00:00 UTC.
 	  </para>
 	  <para>
 	    The value 0 has a special meaning, which is that the user
@@ -151,7 +151,7 @@
 	    again.
 	  </para>
 	  <para>
-	    An empty field and value 0 mean that there are no minimum
+	    An empty field and value 0 mean that there is no minimum
 	    password age.
 	  </para>
 	</listitem>
@@ -208,8 +208,8 @@
 	  </para>
 	  <para>
 	    After expiration of the password and this expiration period is
-	    elapsed, no login is possible using the current user's
-	    password.  The user should contact her administrator.
+	    elapsed, no login is possible for the user. The user should contact
+	    her administrator.
 	  </para>
 	  <para>
 	    An empty field means that there are no enforcement of an
@@ -224,7 +224,7 @@
 	<listitem>
 	  <para>
 	    The date of expiration of the account, expressed as the number
-	    of days since Jan 1, 1970.
+	    of days since Jan 1, 1970 00:00 UTC.
 	  </para>
 	  <para>
 	    Note that an account expiration differs from a password

man/subgid.5.xml

@@ -38,6 +38,11 @@
       <surname>Biederman</surname>
       <contrib>Creation, 2013</contrib>
     </author>
+    <author>
+      <firstname>Iker</firstname>
+      <surname>Pedrosa</surname>
+      <contrib>Developer, 2021</contrib>
+    </author>
   </refentryinfo>
   <refmeta>
     <refentrytitle>subgid</refentrytitle>
@@ -48,11 +53,36 @@
   </refmeta>
   <refnamediv id='name'>
     <refname>subgid</refname>
-    <refpurpose>the subordinate gid file</refpurpose>
+    <refpurpose>the configuration for subordinate group ids</refpurpose>
   </refnamediv>
 
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
+    <para>
+      Subgid authorizes a group id to map ranges of group ids from its namespace
+      into child namespaces.
+    </para>
+    <para>
+      The delegation of the subordinate gids can be configured via the
+      <replaceable>subid</replaceable> field in
+      <filename>/etc/nsswitch.conf</filename> file. Only one value can be set
+      as the delegation source. Setting this field to
+      <replaceable>files</replaceable> configures the delegation of gids to
+      <filename>/etc/subgid</filename>. Setting any other value treats
+      the delegation as a plugin following with a name of the form
+      <replaceable>libsubid_$value.so</replaceable>. If the value or plugin is
+      missing, then the subordinate gid delegation falls back to
+      <replaceable>files</replaceable>.
+    </para>
+    <para>
+      Note, that <command>groupadd</command> will only create entries in
+      <filename>/etc/subgid</filename> if subid delegation is managed via subid
+      files.
+    </para>
+  </refsect1>
+
+  <refsect1 id='local-subordinate-delegation'>
+    <title>LOCAL SUBORDINATE DELEGATION</title>
     <para>
       Each line in <filename>/etc/subgid</filename> contains
       a user name and a range of subordinate group ids that user

man/subuid.5.xml

@@ -38,6 +38,11 @@
       <surname>Biederman</surname>
       <contrib>Creation, 2013</contrib>
     </author>
+    <author>
+      <firstname>Iker</firstname>
+      <surname>Pedrosa</surname>
+      <contrib>Developer, 2021</contrib>
+    </author>
   </refentryinfo>
   <refmeta>
     <refentrytitle>subuid</refentrytitle>
@@ -48,11 +53,36 @@
   </refmeta>
   <refnamediv id='name'>
     <refname>subuid</refname>
-    <refpurpose>the subordinate uid file</refpurpose>
+    <refpurpose>the configuration for subordinate user ids</refpurpose>
   </refnamediv>
 
   <refsect1 id='description'>
     <title>DESCRIPTION</title>
+    <para>
+      Subuid authorizes a user id to map ranges of user ids from its namespace
+      into child namespaces.
+    </para>
+    <para>
+      The delegation of the subordinate uids can be configured via the
+      <replaceable>subid</replaceable> field in
+      <filename>/etc/nsswitch.conf</filename> file. Only one value can be set
+      as the delegation source. Setting this field to
+      <replaceable>files</replaceable> configures the delegation of uids to
+      <filename>/etc/subuid</filename>. Setting any other value treats
+      the delegation as a plugin following with a name of the form
+      <replaceable>libsubid_$value.so</replaceable>. If the value or plugin is
+      missing, then the subordinate uid delegation falls back to
+      <replaceable>files</replaceable>.
+    </para>
+    <para>
+      Note, that <command>useradd</command> will only create entries in
+      <filename>/etc/subuid</filename> if subid delegation is managed via subid
+      files.
+    </para>
+  </refsect1>
+
+  <refsect1 id='local-subordinate-delegation'>
+    <title>LOCAL SUBORDINATE DELEGATION</title>
     <para>
       Each line in <filename>/etc/subuid</filename> contains
       a user name and a range of subordinate user ids that user

man/useradd.8.xml

@@ -181,8 +181,10 @@
 	    login directory. The default is to append the
 	    <replaceable>LOGIN</replaceable> name to
 	    <replaceable>BASE_DIR</replaceable> and use that as the login
-	    directory name. The directory <replaceable>HOME_DIR</replaceable>
-	    does not have to exist but will not be created if it is missing.
+	    directory name.  If the directory
+	    <replaceable>HOME_DIR</replaceable> does not exist, then it
+	    will be created unless the <option>-M</option> option is
+	    specified.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -359,6 +361,11 @@
 	    <option>CREATE_HOME</option> is not enabled, no home
 	    directories are created.
 	  </para>
+	  <para>
+	    The directory where the user's home directory is created must
+	    exist and have proper SELinux context and permissions. Otherwise
+	    the user's home directory cannot be created or accessed.
+	  </para>
 	</listitem>
       </varlistentry>
       <varlistentry>
@@ -736,6 +743,12 @@
 	</listitem>
       </varlistentry>
       <varlistentry>
+	<term><filename>/etc/shadow-maint/useradd-pre.d/*</filename>, <filename>/etc/shadow-maint/useradd-post.d/*</filename></term>
+	<listitem>
+	  <para>Run-part files to execute during user addition. The environment variable <command>ACTION</command> will be populated with useradd and <command>SUBJECT</command> with the <command>username</command>. <filename>useradd-pre.d</filename> will be executed prior to any user addition. <filename>useradd-post.d</filename> will execute after user addition. If a script exits non-zero then execution will terminate.</para>
+	</listitem>
+      </varlistentry>
+  <varlistentry>
 	<term><filename>/etc/skel/</filename></term>
 	<listitem>
 	  <para>Directory containing default files.</para>

man/userdel.8.xml

@@ -228,6 +228,12 @@
 	  <para>Secure user account information.</para>
 	</listitem>
       </varlistentry>
+    <varlistentry>
+	<term><filename>/etc/shadow-maint/userdel-pre.d/*</filename>, <filename>/etc/shadow-maint/userdel-post.d/*</filename></term>
+	<listitem>
+	  <para>Run-part files to execute during user deletion. The environment variable <command>ACTION</command> will be populated with <command>userdel</command> and <command>SUBJECT</command> with the username. <filename>userdel-pre.d</filename> will be executed prior to any user deletion. <filename>userdel-post.d</filename> will execute after user deletion. If a script exits non-zero then execution will terminate.</para>
+	</listitem>
+      </varlistentry>
       <varlistentry condition="subids">
 	<term><filename>/etc/subgid</filename></term>
 	<listitem>

man/usermod.8.xml

@@ -143,7 +143,8 @@
 	    If the <option>-m</option>
 	    option is given, the contents of the current home directory will
 	    be moved to the new home directory, which is created if it does
-	    not already exist.
+	    not already exist. If the current home directory does not exist
+	    the new home directory will not be created.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -205,6 +206,12 @@
 	    The group ownership of files outside of the user's home directory
 	    must be fixed manually.
 	  </para>
+	  <para>
+	    The change of the group ownership of files inside of the user's
+	    home directory is also not done if the home dir owner uid is
+	    different from the current or new user id. This is a safety measure
+	    for special home directories such as <filename>/</filename>.
+	  </para>
 	</listitem>
       </varlistentry>
       <varlistentry>
@@ -267,7 +274,8 @@
 	<listitem>
 	  <para>
 	    Move the content of the user's home directory to the new
-	    location.
+	    location. If the current home directory does not exist
+	    the new home directory will not be created.
 	  </para>
 	  <para>
 	    This option is only valid in combination with the
@@ -353,7 +361,7 @@
 	</term>
 	<listitem>
 	  <para>
-	    The name of the user's new login shell. Setting this field to
+	    The path of the user's new login shell. Setting this field to
 	    blank causes the system to select the default login shell.
 	  </para>
 	</listitem>
@@ -380,6 +388,12 @@
 	    The ownership of files outside of the user's home directory
 	    must be fixed manually.
 	  </para>
+	  <para>
+	    The change of the user ownership of files inside of the user's
+	    home directory is also not done if the home dir owner uid is
+	    different from the current or new user id. This is a safety measure
+	    for special home directories such as <filename>/</filename>.
+	  </para>
 	  <para>
 	    No checks will be performed with regard to the
 	    <option>UID_MIN</option>, <option>UID_MAX</option>,

po/bs.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
 "PO-Revision-Date: 2004-05-09 12:03+0100\n"
 "Last-Translator: Safir Šećerović <sapphire@linux.org.ba>\n"
 "Language-Team: Bosnian <lokal@lugbih.org>\n"
@@ -52,6 +52,13 @@ msgstr "Šifra:"
 msgid "%s's Password: "
 msgstr "%s's Šifra: "
 
+msgid "Cannot open audit interface.\n"
+msgstr ""
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr ""
@@ -292,14 +299,18 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
+#, c-format
+msgid ""
+"%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+"(%lu)\n"
+msgstr ""
+
 #, c-format
 msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
-"(%lu)\n"
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
 msgstr ""
 
 #, fuzzy, c-format
@@ -307,7 +318,12 @@ msgid "%s: failed to allocate memory: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
 #, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
 msgstr ""
 
 #, c-format
@@ -315,9 +331,25 @@ msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr ""
 
 #, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, c-format
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
@@ -325,13 +357,67 @@ msgid ""
 msgstr ""
 
 #, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
 msgstr ""
 
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr ""
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Try again later\n"
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: Pokušajte ponovo kasnije\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Invalid map file %s specified\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Could not seteuid to %d\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Could not set caps\n"
+msgstr "%s: nepoznat član %s\n"
+
+#, c-format
+msgid "%s: snprintf failed!\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: open of %s failed: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: write to %s failed: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Previše prijavljivanja.\n"
 
@@ -384,6 +470,24 @@ msgstr "Šifra:"
 msgid "passwd: password updated successfully\n"
 msgstr ""
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+
+#, c-format
+msgid "%s: conversation type %d not supported.\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: grupa %s postoji\n"
+
+#, c-format
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Mijenjam šifru za grupu %s\n"
@@ -416,12 +520,23 @@ msgstr "nepoznata grupa: %s\n"
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "nepoznata grupa: %s\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr ""
@@ -441,6 +556,14 @@ msgstr ""
 msgid "Can't change root directory to '%s'\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: grupa %s postoji\n"
+
+#, fuzzy, c-format
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: grupa %s postoji\n"
+
 msgid "Unable to determine your tty name."
 msgstr ""
 
@@ -466,6 +589,9 @@ msgstr ""
 msgid "  -h, --help                    display this help message and exit\n"
 msgstr ""
 
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr ""
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -645,6 +771,10 @@ msgstr "Kućni telefon"
 msgid "Other"
 msgstr "Ostalo"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr ""
+
 msgid "Cannot change ID to root.\n"
 msgstr ""
 
@@ -696,10 +826,6 @@ msgstr ""
 msgid "Changing the user information for %s\n"
 msgstr ""
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr ""
-
 #, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -720,8 +846,8 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
 #, c-format
@@ -994,6 +1120,16 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr ""
+
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr ""
+
+#, c-format
+msgid "Invalid member username %s\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: grupa %s postoji\n"
@@ -1018,6 +1154,11 @@ msgstr ""
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: nepoznat član %s\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
 "of a user\n"
@@ -1093,6 +1234,12 @@ msgstr ""
 msgid "%s: only root can use the -g/--group option\n"
 msgstr ""
 
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr ""
 
@@ -1142,6 +1289,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr ""
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr ""
@@ -1248,7 +1399,8 @@ msgid ""
 "  -u, --user LOGIN              print lastlog record of the specified LOGIN\n"
 msgstr ""
 
-msgid "Username         Port     From             Latest"
+#, c-format
+msgid "Username         Port     From%*sLatest\n"
 msgstr ""
 
 msgid "Username                Port     Latest"
@@ -1257,10 +1409,22 @@ msgstr ""
 msgid "**Never logged in**"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "nepoznata grupa: %s\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "nepoznata grupa: %s\n"
@@ -1377,6 +1541,49 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr ""
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, c-format
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr ""
 
@@ -1402,6 +1609,24 @@ msgstr "%s: grupa %s postoji\n"
 msgid "too many groups\n"
 msgstr ""
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+msgid "  -b, --badnames                allow bad names\n"
+msgstr ""
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr ""
 
@@ -1441,6 +1666,10 @@ msgstr "%s: grupa %s postoji\n"
 msgid "%s: line %d: can't update password\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr "%s: grupa %s postoji\n"
+
 #, fuzzy, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr "%s: grupa %s postoji\n"
@@ -1570,7 +1799,7 @@ msgid "%s: repository %s not supported\n"
 msgstr ""
 
 #, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
 #, fuzzy, c-format
@@ -1716,9 +1945,11 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
+#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -1730,7 +1961,7 @@ msgid "%s: %s\n"
 msgstr ""
 
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1741,6 +1972,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 
 #, c-format
@@ -1749,6 +1981,14 @@ msgid ""
 "(Ignored)\n"
 msgstr ""
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr ""
@@ -1812,6 +2052,10 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr ""
@@ -1840,6 +2084,10 @@ msgstr "%s: grupa %s postoji\n"
 msgid "%s: too many groups specified (max %d).\n"
 msgstr ""
 
+#, c-format
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -1849,12 +2097,19 @@ msgid ""
 "Options:\n"
 msgstr ""
 
+msgid "      --badnames                do not check for bad names\n"
+msgstr ""
+
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
 "the\n"
 "                                new account\n"
 msgstr ""
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr ""
 
@@ -1957,26 +2212,98 @@ msgstr ""
 msgid "%s: invalid shell '%s'\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: grupa %s postoji\n"
+
+#, c-format
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr ""
 
+#, c-format
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, fuzzy, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "nepoznata grupa: %s\n"
 
+#, c-format
+msgid "%s: error while duplicating string %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, c-format
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "nepoznata grupa: %s\n"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, fuzzy, c-format
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr "nepoznata grupa: %s\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, c-format
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr ""
+
 msgid "Creating mailbox file"
 msgstr ""
 
@@ -1987,6 +2314,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: grupa %s postoji\n"
@@ -2022,8 +2360,8 @@ msgstr "nepoznata grupa: %s\n"
 
 #, c-format
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 
 #, c-format
@@ -2031,8 +2369,10 @@ msgid "%s: warning: the user name %s to %s SELinux user mapping failed.\n"
 msgstr ""
 
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 
 msgid "  -r, --remove                  remove home directory and mail spool\n"
@@ -2100,6 +2440,10 @@ msgstr ""
 msgid "%s: not removing directory %s (would remove home of user %s)\n"
 msgstr ""
 
+#, c-format
+msgid "%s: error removing subvolume %s\n"
+msgstr ""
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr ""
@@ -2188,6 +2532,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: grupa %s postoji\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "nepoznata grupa: %s\n"
@@ -2230,6 +2578,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr ""
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr ""
@@ -2260,17 +2612,17 @@ msgstr ""
 msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "nepoznata grupa: %s\n"
 
-#, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
+msgstr "nepoznata grupa: %s\n"
 
 #, fuzzy, c-format
 msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "nepoznata grupa: %s\n"
 
-#, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
-msgstr ""
+#, fuzzy, c-format
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
+msgstr "nepoznata grupa: %s\n"
 
 #, c-format
 msgid ""

po/ca.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.18\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
 "PO-Revision-Date: 2012-01-22 18:25+0100\n"
 "Last-Translator: Innocent De Marchi <tangram.peces@gmail.com>\n"
 "Language-Team: Catalan <debian-l10n-catalan@lists.debian.org>\n"
@@ -56,6 +56,15 @@ msgstr "Contrasenya: "
 msgid "%s's Password: "
 msgstr "Contrasenya de l'usuari %s: "
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "No es pot obrir la interfície d'auditoria - cancel·lant.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr "[libsemanage]: %s\n"
@@ -308,10 +317,6 @@ msgstr[1] ""
 "S'han produït %d fallades des de l'últim accés.\n"
 "L'últim va ser %s en %s.\n"
 
-#, c-format
-msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
-msgstr "%s: Configuració incorrecta: GID_MIN (%lu), GID_MAX (%lu)\n"
-
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
@@ -320,22 +325,63 @@ msgstr ""
 "%s: Configuració incorrecta: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
 "(%lu)\n"
 
+#, c-format
+msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
+msgstr "%s: Configuració incorrecta: GID_MIN (%lu), GID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
+msgstr ""
+
 #, c-format
 msgid "%s: failed to allocate memory: %s\n"
 msgstr "%s: no es pot assignar memòria: %s\n"
 
-#, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: no es pot obtenir un GID de sistema únic (no hi ha més GID disponibles)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique GID (no more available GIDs)\n"
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgstr "%s: no es pot obtenir un GID únic (no hi ha més GID disponibles)\n"
+
 #, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s: no es pot obtenir un GID únic (no hi ha més GID disponibles)\n"
 
-#, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
-msgstr "%s: Configuració incorrecta: UID_MIN (%lu), UID_MAX (%lu)\n"
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
+msgstr ""
+"%s: Configuració incorrecta: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+"(%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "%s: no es pot generar l'usuari\n"
+
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+"%s: Configuració incorrecta: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+"(%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "%s: no es pot generar l'usuari\n"
 
 #, c-format
 msgid ""
@@ -346,13 +392,77 @@ msgstr ""
 "(%lu)\n"
 
 #, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr "%s: Configuració incorrecta: UID_MIN (%lu), UID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
 msgstr "%s: no es pot obtenir un UID únic (no hi ha més UID disponibles)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique UID (no more available UIDs)\n"
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
+msgstr "%s: no es pot obtenir un GID únic (no hi ha més GID disponibles)\n"
+
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: no es pot obtenir un GID únic (no hi ha més GID disponibles)\n"
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Authentication failure\n"
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: l'autenticació ha fallat\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: invalid field '%s'\n"
+msgid "%s: Invalid map file %s specified\n"
+msgstr "%s: el camp «%s» no és vàlid\n"
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not seteuid to %d\n"
+msgstr "No s'ha pogut establir el nom per a %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not set caps\n"
+msgstr "No s'ha pogut establir el nom per a %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: can't open file\n"
+msgid "%s: snprintf failed!\n"
+msgstr "%s: no es pot obrir el fitxer\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: open of %s failed: %s\n"
+msgstr ""
+"%s: línia %d: no s'ha pogut canviar el propietari (ordre «chown»)  %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: write to %s failed: %s\n"
+msgstr ""
+"%s: línia %d: no s'ha pogut canviar el propietari (ordre «chown»)  %s: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Massa entrades.\n"
 
@@ -404,6 +514,27 @@ msgstr "passwd: contrasenya sense canvis\n"
 msgid "passwd: password updated successfully\n"
 msgstr "passwd: s'ha actualitzat la contrasenya satisfactòriament\n"
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: repository %s not supported\n"
+msgid "%s: conversation type %d not supported.\n"
+msgstr "%s: el dipòsit %s no és admès\n"
+
+#, fuzzy, c-format
+#| msgid "%s: pam_start: error %d\n"
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: pam_start: error %d\n"
+
+#, fuzzy, c-format
+#| msgid "passwd: pam_start() failed, error %d\n"
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr "passwd: pam_start() ha fallat, error %d\n"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "La contrasenya és incorrecta per a «%s».\n"
@@ -436,6 +567,10 @@ msgstr "%s: no es pot accedir al directori «chroot» %s: %s\n"
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: no es pot executar «chroot» en el directori %s: %s\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
@@ -444,6 +579,13 @@ msgstr ""
 "Valor incorrecta d'ENCRYPT_METHOD: «%s».\n"
 "Valor per defecte a DES.\n"
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "No es pot canviar al directori «%s»\n"
@@ -463,6 +605,15 @@ msgstr "El directori arrel «%s» no és vàlid\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "No es pot canviar el directori arrel a «%s»\n"
 
+#, c-format
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: l'usuari %s està actualment dins el sistema\n"
+
+#, fuzzy, c-format
+#| msgid "%s: user %s is currently logged in\n"
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: l'usuari %s està actualment dins el sistema\n"
+
 msgid "Unable to determine your tty name."
 msgstr "No s'ha pogut determinar el nom del vostre tty."
 
@@ -497,6 +648,11 @@ msgstr ""
 msgid "  -h, --help                    display this help message and exit\n"
 msgstr "  -h, --help                    mostra aquesta ajuda i acaba\n"
 
+#, fuzzy
+#| msgid "  -g, --group                   edit group database\n"
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr "  -g, --group                   edita la base de dades del grup\n"
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -696,6 +852,10 @@ msgstr "Telèfon de casa"
 msgid "Other"
 msgstr "Altre"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr "%s: els camps són massa llargs\n"
+
 msgid "Cannot change ID to root.\n"
 msgstr "No es pot canviar l'ID al de root.\n"
 
@@ -748,10 +908,6 @@ msgstr "%s: «%s» és el mestre NIS per a aquest client.\n"
 msgid "Changing the user information for %s\n"
 msgstr "S'està canviant la informació d'usuari per a %s\n"
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr "%s: els camps són massa llargs\n"
-
 #, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -779,9 +935,13 @@ msgstr ""
 "                                l'algorisme MD5\n"
 
 # traducció dubtosa
+#, fuzzy
+#| msgid ""
+#| "  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
+#| "                                crypt algorithms\n"
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 " -s, --sha-rounds              nombre de passos SHA pel\n"
 "                                algorisme de xifratge SHA*\n"
@@ -1104,6 +1264,22 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  genera un compte del sistema\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr ""
+"  -R, --root CHROOT_DIR         fes «chroot» en el directori CHROOT_DIR \n"
+
+#, fuzzy
+#| msgid "  -l, --list                    list the members of the group\n"
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr "  -l, --list                    llista els membres del grup\n"
+
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Invalid member username %s\n"
+msgstr "el nom d'usuari «%s» no és vàlid\n"
+
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: «%s» no és un nom de grup vàlid\n"
@@ -1128,6 +1304,11 @@ msgstr "%s: el GID '%lu ja existeix\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: no es pot configurar el servei de neteja.\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 #, fuzzy
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
@@ -1216,6 +1397,22 @@ msgstr "%s: el seu nom de grup no concorda amb el seu nom d'usuari\n"
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s:només l'usuari «root» pot fer servir l'opció -g/--group\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -a, --append                  append the user to the supplemental "
+#| "GROUPS\n"
+#| "                                mentioned by the -G option without "
+#| "removing\n"
+#| "                                the user from other groups\n"
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+"  -a, --append                  afegeix l'usuari als GRUPS addicionals\n"
+"                                llistats amb la opció -G sense eliminar-los\n"
+"                                d'altres grups\n"
+
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr "  -g, --gid GID                 canvia l'ID del grup per GID\n"
 
@@ -1276,6 +1473,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr "  -s, --sort                    ordena les entrades per UID\n"
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr "%s: «-s» i «-r» són incompatibles\n"
@@ -1394,8 +1595,10 @@ msgid ""
 msgstr ""
 "  -u, --user USUARI              mostra el registre de lastlog de l'USUARI\n"
 
-msgid "Username         Port     From             Latest"
-msgstr "Usuari           Port     Des de           Últim"
+#, fuzzy, c-format
+#| msgid "Username                Port     Latest"
+msgid "Username         Port     From%*sLatest\n"
+msgstr "Usuari                  Port     Últim"
 
 msgid "Username                Port     Latest"
 msgstr "Usuari                  Port     Últim"
@@ -1403,10 +1606,22 @@ msgstr "Usuari                  Port     Últim"
 msgid "**Never logged in**"
 msgstr "**No ha entrat mai**"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "%s: No s'ha pogut obtenir l'entrada de la UID %lu\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "%s: no es pot actualitzar el fitxer de contrasenyes\n"
@@ -1534,6 +1749,55 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr "Forma d'ús: logoutd\n"
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: can't open group file\n"
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr "%s: no es pot obrir el fitxer de grups\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "%s: fallida en eliminar %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "%s: fallida en eliminar %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to unlock %s\n"
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "%s: ha fallat el desbloqueig de %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to find tcb directory for %s\n"
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "%s: no es pot generar el directori «tcb» per a %s\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Forma d'ús: newgrp [-] [grup]\n"
 
@@ -1558,6 +1822,26 @@ msgstr "%s: el GID »%lu« no existeix\n"
 msgid "too many groups\n"
 msgstr "hi ha massa grups\n"
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "  -q, --quiet                   quiet mode\n"
+msgid "  -b, --badnames                allow bad names\n"
+msgstr "  -q, --quiet                   mode silenciós\n"
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  genera els comptes del sistema\n"
 
@@ -1599,6 +1883,12 @@ msgstr "%s: line %d: l'usuari «%s» no existeix a %s\n"
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: línia %d: no es pot actualitzar la contrasenya\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: mkdir %s failed: %s\n"
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr ""
+"%s: línia %d: no s'ha pogut generar el directori «%s» (ordre mkdir): %s\n"
+
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr ""
@@ -1754,8 +2044,9 @@ msgstr ""
 msgid "%s: repository %s not supported\n"
 msgstr "%s: el dipòsit %s no és admès\n"
 
-#, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+#, fuzzy, c-format
+#| msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s no està autoritzat per canviar la contrasenya de %s\n"
 
 #, c-format
@@ -1912,9 +2203,11 @@ msgstr "%s: el senyal emmascara un error\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sessió acabada, finalitzant el «shell»..."
 
+#, c-format
 msgid " ...killed.\n"
 msgstr "...mort.\n"
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr "...esperant al fill per acabar.\n"
 
@@ -1925,8 +2218,22 @@ msgstr "...acabat.\n"
 msgid "%s: %s\n"
 msgstr "%s: %s\n"
 
+#, fuzzy
+#| msgid ""
+#| "Usage: su [options] [LOGIN]\n"
+#| "\n"
+#| "Options:\n"
+#| "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
+#| "  -h, --help                    display this help message and exit\n"
+#| "  -, -l, --login                make the shell a login shell\n"
+#| "  -m, -p,\n"
+#| "  --preserve-environment        do not reset environment variables, and\n"
+#| "                                keep the same shell\n"
+#| "  -s, --shell SHELL             use SHELL instead of the default in "
+#| "passwd\n"
+#| "\n"
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1937,6 +2244,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 "Forma d'ús: su [opcions] [USUARI]\n"
 "\n"
@@ -1960,6 +2268,14 @@ msgstr ""
 "%s: %s\n"
 "(Ignorat)\n"
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr "No esteu autoritzats a usar «su %s»\n"
@@ -2024,6 +2340,11 @@ msgstr "%s: %s va ser generat, però no és possible eliminar-ho\n"
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: la configuració %s a %s serà ignorada\n"
 
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "%s: no es pot crear un fitxer nou de preferències predeterminades\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr "%s: no es pot crear un fitxer nou de preferències predeterminades\n"
@@ -2052,6 +2373,11 @@ msgstr "%s: el grup «%s» és un grup NIS.\n"
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: s'han especificat massa grups (màx de %d).\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Out of memory. Cannot update %s.\n"
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr "%s: s'ha exhaurit la memòria. No es pot actualitzar %s.\n"
+
 #, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -2066,6 +2392,12 @@ msgstr ""
 "\n"
 "Opcions:\n"
 
+#, fuzzy
+#| msgid "  -s, --shadow                  edit shadow or gshadow database\n"
+msgid "      --badnames                do not check for bad names\n"
+msgstr ""
+"  -s, --shadow                  edita la base de dades «shadow» o «gshadow»\n"
+
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
 "the\n"
@@ -2074,6 +2406,10 @@ msgstr ""
 "  -b, --base-dir BASE_DIR       directori base per al directori arrel del\n"
 "                                compte nou\n"
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr "  -c, --comment COMMENT         camp GECOS del nou compte\n"
 
@@ -2196,28 +2532,125 @@ msgstr "%s: el camp «%s» no és vàlid\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s: l'intèrpret «%s» no és vàlid\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Warning: %s is not executable\n"
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: Advertència: %s no és executable\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot rewrite password file\n"
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr "%s: no es pot reescriure el fitxer de contrasenyes\n"
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s: -Z requereix nucli «SELinux» habilitat\n"
 
+#, fuzzy, c-format
+#| msgid "%s: invalid user name '%s'\n"
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr "%s: el nom d'usuari «%s» no és vàlid\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr ""
+"%s: ha fallat el restabliment de l'entrada del registre d'errors de UID %lu: "
+"%s\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr ""
 "%s: ha fallat el restabliment de l'entrada del registre d'errors de UID %lu: "
 "%s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr ""
+"%s: ha fallat el restabliment de l'entrada del registre d'errors de UID %lu: "
+"%s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr "%s: ha fallat el restabliment del darrer registre de UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s: ha fallat el restabliment del darrer registre de UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr "%s: ha fallat el restabliment del darrer registre de UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr ""
+"%s: ha fallat el restabliment de l'entrada del registre d'errors de UID %lu: "
+"%s\n"
+
 #, fuzzy, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s: ha fallat la preparació de la nova entrada %s: «%s»\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error updating files\n"
+msgid "%s: error while duplicating string %s\n"
+msgstr "%s: s'ha produït un error en actualitzar el fitxer\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create directory %s\n"
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "%s: no es pot crear el directori %s\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: %s home directory (%s) not found\n"
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr "%s: no s'ha trobat el directori personal (%s) de %s \n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to allocate memory: %s\n"
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "%s: no es pot assignar memòria: %s\n"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s: no es pot crear el directori %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr ""
+"%s: línia %d: no s'ha pogut canviar el propietari (ordre «chown»)  %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr ""
+"%s: línia %d: no s'ha pogut canviar el propietari (ordre «chown»)  %s: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr ""
+"%s: línia %d: no s'ha pogut canviar el propietari (ordre «chown»)  %s: %s\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Cannot create SELinux login mapping for %s\n"
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr "No es pot generar el mapatge d'inici de sessió SELinux per a %s\n"
+
 msgid "Creating mailbox file"
 msgstr "S'està creant la bústia de correu"
 
@@ -2230,6 +2663,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "S'estan establint els permisos de la bústia de correu"
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: l'usuari «%s» existeix\n"
@@ -2265,10 +2709,13 @@ msgstr "%s: no es pot generar l'usuari\n"
 msgid "%s: can't create subordinate group IDs\n"
 msgstr "%s: no es pot generar el grup\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: warning: the home directory already exists.\n"
+#| "Not copying any file from skel directory into it.\n"
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 "%s: avís: el directori personal ja existeix.\n"
 "No s'hi copiarà cap fitxer del directori skel.\n"
@@ -2278,9 +2725,15 @@ msgid "%s: warning: the user name %s to %s SELinux user mapping failed.\n"
 msgstr ""
 "%s: avís: falla el nom d'usuari %s a %s a l'assignació d'usuaris «SELinux».\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -f, --force                   force removal of files,\n"
+#| "                                even if not owned by user\n"
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 "  -f, --force                   força l'eliminació de fitxers, encara que\n"
 "                                no siguin propietat de l'usuari\n"
@@ -2361,6 +2814,11 @@ msgstr ""
 "%s: no s'elimina el directori %s (eliminaria el directori personal de "
 "l'usuari %s)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error removing directory %s\n"
+msgid "%s: error removing subvolume %s\n"
+msgstr "%s: s'ha produït un error en eliminar el directori %s\n"
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr "%s: s'ha produït un error en eliminar el directori %s\n"
@@ -2472,6 +2930,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: l'usuari «%s» ja existeix a %s\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "%s: la data «%s» no és vàlida\n"
@@ -2516,6 +2978,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr "%s: No s'ha pogut canviar la propietat del directori d'inici"
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr ""
@@ -2552,7 +3018,7 @@ msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "%s: ha fallat la preparació de la nova entrada %s: «%s»\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
 msgstr "%s: ha fallat la preparació de la nova entrada %s: «%s»\n"
 
 #, fuzzy, c-format
@@ -2560,7 +3026,7 @@ msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "%s: ha fallat la preparació de la nova entrada %s: «%s»\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
 msgstr "%s: ha fallat la preparació de la nova entrada %s: «%s»\n"
 
 #, c-format
@@ -2653,6 +3119,9 @@ msgstr "%s: no es pot restaurar %s: %s (els seus canvis estan a %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
 
+#~ msgid "Username         Port     From             Latest"
+#~ msgstr "Usuari           Port     Des de           Últim"
+
 #~ msgid "  -c, --crypt-method            the crypt method (one of %s)\n"
 #~ msgstr "  -c, --crypt-method            el mètode d'encriptat (un de %s)\n"
 
@@ -2921,9 +3390,6 @@ msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
 #~ "                                de correu\n"
 #~ "\n"
 
-#~ msgid "%s: user %s is currently logged in\n"
-#~ msgstr "%s: l'usuari %s està actualment dins el sistema\n"
-
 #~ msgid ""
 #~ "Usage: usermod [options] LOGIN\n"
 #~ "\n"
@@ -3300,9 +3766,6 @@ msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
 #~ msgid "%s: can't lock group file\n"
 #~ msgstr "%s: no es pot blocar el fitxer de grups\n"
 
-#~ msgid "%s: can't open group file\n"
-#~ msgstr "%s: no es pot obrir el fitxer de grups\n"
-
 #~ msgid "%s: can't lock gshadow file\n"
 #~ msgstr "%s: no s'ha pogut blocar el fitxer de contrasenyes ombra\n"
 
@@ -3371,9 +3834,6 @@ msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
 #~ msgstr ""
 #~ "%s: no es pot obtenir el bloqueig del fitxer de contrasenyes ombra\n"
 
-#~ msgid "%s: can't open file\n"
-#~ msgstr "%s: no es pot obrir el fitxer\n"
-
 #~ msgid "%s: can't re-write shadow file\n"
 #~ msgstr "%s: no es pot reescriure el fitxer ombra\n"
 
@@ -3538,9 +3998,6 @@ msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
 #~ msgid "%s: can't open files\n"
 #~ msgstr "%s: no es poden obrir els fitxers\n"
 
-#~ msgid "%s: error updating files\n"
-#~ msgstr "%s: s'ha produït un error en actualitzar el fitxer\n"
-
 #~ msgid "%s: can't update passwd entry for %s\n"
 #~ msgstr "%s: no es pot actualitzar l'entrada de la contrasenya per a %s\n"
 
@@ -3572,9 +4029,6 @@ msgstr "%s: no es pot trobar el directori «tcb» per %s\n"
 #~ msgid "%s: Out of memory. Cannot update the shadow group database.\n"
 #~ msgstr "%s: sense memòria a update_gshadow\n"
 
-#~ msgid "%s: cannot rewrite password file\n"
-#~ msgstr "%s: no es pot reescriure el fitxer de contrasenyes\n"
-
 #~ msgid "%s: cannot rewrite shadow password file\n"
 #~ msgstr "%s: no es pot reescriure el fitxer de contrasenyes ombra\n"
 

po/cs.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.2\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
 "PO-Revision-Date: 2014-08-24 15:07+0200\n"
 "Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
 "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
@@ -55,6 +55,15 @@ msgstr "Heslo: "
 msgid "%s's Password: "
 msgstr "Heslo uživatele %s: "
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Nelze otevřít auditní rozhraní - končím.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr "[libsemanage]: %s\n"
@@ -307,10 +316,6 @@ msgstr[2] ""
 "%d selhání od posledního přihlášení.\n"
 "Poslední: %s na %s.\n"
 
-#, c-format
-msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
-msgstr "%s: Neplatné nastavení: GID_MIN (%lu), GID_MAX (%lu)\n"
-
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
@@ -318,21 +323,56 @@ msgid ""
 msgstr ""
 "%s: Neplatné nastavení: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX (%lu)\n"
 
+#, c-format
+msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
+msgstr "%s: Neplatné nastavení: GID_MIN (%lu), GID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
+msgstr ""
+
 #, c-format
 msgid "%s: failed to allocate memory: %s\n"
 msgstr "%s: selhala alokace paměti: %s\n"
 
-#, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr "%s: Nelze získat jedinečné systémové GID (volná GID neexistují)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique GID (no more available GIDs)\n"
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgstr "%s: Nelze získat jedinečné GID (volná GID neexistují)\n"
+
 #, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s: Nelze získat jedinečné GID (volná GID neexistují)\n"
 
 #, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
-msgstr "%s: Neplatné nastavení: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
+msgstr ""
+"%s: Neplatné nastavení: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), SUB_GID_COUNT "
+"(%lu)\n"
+
+#, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "%s: Nelze získat jedinečný rozsah podřízených GID\n"
+
+#, c-format
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+"%s: Neplatné nastavení: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), SUB_UID_COUNT "
+"(%lu)\n"
+
+#, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "%s: Nelze získat jedinečný rozsah podřízených UID\n"
 
 #, c-format
 msgid ""
@@ -342,13 +382,71 @@ msgstr ""
 "%s: Neplatné nastavení: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX (%lu)\n"
 
 #, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr "%s: Neplatné nastavení: UID_MIN (%lu), UID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
 msgstr "%s: Nelze získat jedinečné systémové UID (volná UID neexistují)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique UID (no more available UIDs)\n"
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
+msgstr "%s: Nelze získat jedinečné UID (volná UID neexistují)\n"
+
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Nelze získat jedinečné UID (volná UID neexistují)\n"
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr "%s: Nedostatek argumentů pro vytvoření %u mapování\n"
+
+#, c-format
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: Chyba alokace paměti\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: invalid field '%s'\n"
+msgid "%s: Invalid map file %s specified\n"
+msgstr "%s: chybná položka „%s“\n"
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not seteuid to %d\n"
+msgstr "Nelze nastavit jméno uživatele %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not set caps\n"
+msgstr "Nelze nastavit jméno uživatele %s\n"
+
+#, c-format
+msgid "%s: snprintf failed!\n"
+msgstr "%s: snprintf selhalo!\n"
+
+#, c-format
+msgid "%s: open of %s failed: %s\n"
+msgstr "%s: otevření %s selhalo: %s\n"
+
+#, c-format
+msgid "%s: write to %s failed: %s\n"
+msgstr "%s: zápis do %s selhal: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Příliš mnoho přihlášení.\n"
 
@@ -400,6 +498,27 @@ msgstr "passwd: heslo nebylo změněno\n"
 msgid "passwd: password updated successfully\n"
 msgstr "passwd: heslo bylo úspěšně změněno\n"
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+"%s: PAM moduly vyžadující zobrazování zpětné vazby nejsou podporovány.\n"
+
+#, c-format
+msgid "%s: conversation type %d not supported.\n"
+msgstr "%s: typ konverzace %d není podporován.\n"
+
+#, c-format
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: (uživatel %s) chyba pam_start %d\n"
+
+#, c-format
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr ""
+"%s: (uživatel %s) volání pam_chauthtok() selhalo, chyba:\n"
+"%s\n"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Chybné heslo pro %s.\n"
@@ -432,6 +551,10 @@ msgstr "%s: nelze přejít (chdir) do chroot adresáře %s: %s\n"
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: nelze změnit kořen (chroot) na adresář %s: %s\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
@@ -440,6 +563,13 @@ msgstr ""
 "Neplatná hodnota ENCRYPT_METHOD: „%s“.\n"
 "Používám DES.\n"
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Nelze přejít do „%s“\n"
@@ -459,6 +589,14 @@ msgstr "Chybný kořenový adresář „%s“\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "Nelze změnit kořenový adresář na „%s“\n"
 
+#, c-format
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: uživatel %s je právě přihlášen\n"
+
+#, c-format
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: uživatel %s je momentálně používán procesem %d\n"
+
 msgid "Unable to determine your tty name."
 msgstr "Nelze zjistit vaše uživatelské jméno."
 
@@ -490,6 +628,11 @@ msgstr ""
 msgid "  -h, --help                    display this help message and exit\n"
 msgstr "  -h, --help                    zobrazí tuto nápovědu a skončí\n"
 
+#, fuzzy
+#| msgid "  -g, --group                   edit group database\n"
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr "  -g, --group                   upraví databázi skupin\n"
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -679,6 +822,10 @@ msgstr "Telefon domů"
 msgid "Other"
 msgstr "Ostatní"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr "%s: položka je příliš dlouhá\n"
+
 msgid "Cannot change ID to root.\n"
 msgstr "Nelze změnit ID na root.\n"
 
@@ -730,10 +877,6 @@ msgstr "%s: „%s“ je hlavním NIS serverem pro tohoto klienta.\n"
 msgid "Changing the user information for %s\n"
 msgstr "Měním informace o uživateli %s\n"
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr "%s: položka je příliš dlouhá\n"
-
 #, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -758,9 +901,13 @@ msgstr ""
 "  -m, --md5                     zašifruje nešifrované heslo\n"
 "                                algoritmem MD5\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
+#| "                                crypt algorithms\n"
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr "  -s, --sha-rounds              počet SHA iterací algoritmu SHA*\n"
 
 #, c-format
@@ -1062,6 +1209,21 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  vytvoří systémový účet\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr "  -R, --root CHROOT_ADRESÁŘ     adresář, do kterého přejít\n"
+
+#, fuzzy
+#| msgid "  -l, --list                    list the members of the group\n"
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr "  -l, --list                    vypíše členy skupiny\n"
+
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Invalid member username %s\n"
+msgstr "chybné uživatelské jméno „%s“\n"
+
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: „%s“ není platným jménem skupiny\n"
@@ -1086,6 +1248,11 @@ msgstr "%s: GID „%lu“ již existuje\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: nelze nastavit úklidovou službu.\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 #, fuzzy
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
@@ -1170,6 +1337,21 @@ msgstr "%s: vaše skupina neodpovídá vašemu uživatelskému jménu\n"
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s: volbu -g/--group může používat pouze root\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -a, --append                  append the user to the supplemental "
+#| "GROUPS\n"
+#| "                                mentioned by the -G option without "
+#| "removing\n"
+#| "                                the user from other groups\n"
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+"  -a, --append                  přidá uživatele do dalších SKUPIN zadaných\n"
+"                                volbou -G; neruší členství v ostatních sk.\n"
+
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr "  -g, --gid GID                 změní ID skupiny na GID\n"
 
@@ -1229,6 +1411,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr "  -s, --sort                    řadí záznamy podle UID\n"
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr "%s: -s a -r nejsou slučitelné\n"
@@ -1345,8 +1531,10 @@ msgid ""
 msgstr ""
 "  -u, --user ÚČET               zobrazí záznamy lastlogu pro uživatele ÚČET\n"
 
-msgid "Username         Port     From             Latest"
-msgstr "Uživatel         Port     Z                Naposledy"
+#, fuzzy, c-format
+#| msgid "Username                Port     Latest"
+msgid "Username         Port     From%*sLatest\n"
+msgstr "Uživatel                Port     Naposledy"
 
 msgid "Username                Port     Latest"
 msgstr "Uživatel                Port     Naposledy"
@@ -1354,10 +1542,22 @@ msgstr "Uživatel                Port     Naposledy"
 msgid "**Never logged in**"
 msgstr "**Nikdy nebyl přihlášen**"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "%s: nepodařilo se získat záznam pro UID %lu\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "%s: soubor s hesly nelze aktualizovat\n"
@@ -1484,6 +1684,55 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr "Použití: logoutd\n"
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr "%s: rozsah gid [%lu-%lu) -> [%lu-%lu) není povolen\n"
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+"použití: %s <pid> <gid> <spodnígid> <počet> [ <gid> <spodnígid> "
+"<počet> ] ...\n"
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Could not open proc directory for target %u\n"
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr "%s: Nelze otevřít proc adresář cílového procesu %u\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "%s: selhalo odstranění %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "%s: selhalo odstranění %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to unlock %s\n"
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "%s: nepodařilo se odemknout %s\n"
+
+#, c-format
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "%s: Nelze otevřít proc adresář cílového procesu %u\n"
+
+#, c-format
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "%s: Nelze zavolat stat na adresář cílového procesu %u\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Použití: newgrp [-] [skupina]\n"
 
@@ -1508,6 +1757,28 @@ msgstr "%s: GID „%lu“ neexistuje\n"
 msgid "too many groups\n"
 msgstr "příliš mnoho skupin\n"
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr "%s: rozsah uid [%lu-%lu) -> [%lu-%lu) není povolen\n"
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+"použití: %s <pid> <uid> <spodníuid> <počet> [ <uid> <spodníuid> "
+"<počet> ] ...\n"
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "  -q, --quiet                   quiet mode\n"
+msgid "  -b, --badnames                allow bad names\n"
+msgstr "  -q, --quiet                   tichý režim\n"
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  vytvoří systémový účet\n"
 
@@ -1548,6 +1819,11 @@ msgstr "%s: řádek %d: uživatel „%s“ v %s neexistuje\n"
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: řádek %d: heslo nelze aktualizovat\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: mkdir %s failed: %s\n"
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr "%s: řádek %d: volání mkdir %s selhalo: %s\n"
+
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr "%s: řádek %d: volání mkdir %s selhalo: %s\n"
@@ -1693,8 +1969,9 @@ msgstr ""
 msgid "%s: repository %s not supported\n"
 msgstr "%s: úložna %s není podporována\n"
 
-#, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+#, fuzzy, c-format
+#| msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s není oprávněn změnit heslo %s\n"
 
 #, c-format
@@ -1848,9 +2125,11 @@ msgstr "%s: chyba maskování signálu\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sezení skončeno, ukončuji shell..."
 
+#, c-format
 msgid " ...killed.\n"
 msgstr " ...zabit.\n"
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...čeká na ukončení potomka.\n"
 
@@ -1861,8 +2140,22 @@ msgstr " ...ukončen.\n"
 msgid "%s: %s\n"
 msgstr "%s: %s\n"
 
+#, fuzzy
+#| msgid ""
+#| "Usage: su [options] [LOGIN]\n"
+#| "\n"
+#| "Options:\n"
+#| "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
+#| "  -h, --help                    display this help message and exit\n"
+#| "  -, -l, --login                make the shell a login shell\n"
+#| "  -m, -p,\n"
+#| "  --preserve-environment        do not reset environment variables, and\n"
+#| "                                keep the same shell\n"
+#| "  -s, --shell SHELL             use SHELL instead of the default in "
+#| "passwd\n"
+#| "\n"
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1873,6 +2166,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 "Použití: su [volby] [ÚČET]\n"
 "\n"
@@ -1895,6 +2189,14 @@ msgstr ""
 "%s: %s\n"
 "(Ignoruji)\n"
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr "Nejste oprávněn používat su %s\n"
@@ -1959,6 +2261,11 @@ msgstr "%s: %s byl vytvořen, ale nemůže být odstraněn\n"
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: nastavení %s v %s bude ignorováno\n"
 
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "%s: nelze vytvořit nový soubor s výchozími hodnotami\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr "%s: nelze vytvořit nový soubor s výchozími hodnotami\n"
@@ -1987,6 +2294,11 @@ msgstr "%s: skupina „%s“ je NIS skupinou.\n"
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: zadáno příliš mnoho skupin (max %d).\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Out of memory. Cannot update %s.\n"
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr "%s: Nedostatek paměti. Nelze aktualizovat %s.\n"
+
 #, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -2001,6 +2313,11 @@ msgstr ""
 "\n"
 "Volby:\n"
 
+#, fuzzy
+#| msgid "  -s, --shadow                  edit shadow or gshadow database\n"
+msgid "      --badnames                do not check for bad names\n"
+msgstr "  -s, --shadow                  upraví databázi shadow nebo gshadow\n"
+
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
 "the\n"
@@ -2010,6 +2327,10 @@ msgstr ""
 "nového\n"
 "                                uživatelského účtu\n"
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr "  -c, --comment KOMENTÁŘ        pole GECOS nového účtu\n"
 
@@ -2128,26 +2449,114 @@ msgstr "%s: chybná položka „%s“\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s: chybný shell „%s“\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Warning: %s is not executable\n"
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: Varování: %s se nedá spustit\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot rewrite password file\n"
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr "%s: soubor s hesly nelze přepsat\n"
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s: -Z vyžaduje jádro s povoleným SELinuxem\n"
 
+#, fuzzy, c-format
+#| msgid "%s: invalid user name '%s'\n"
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr "%s: chybné uživatelské jméno „%s“\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr "%s: nepodařilo se vynulovat faillog záznam UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr "%s: nepodařilo se vynulovat faillog záznam UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr "%s: nepodařilo se vynulovat faillog záznam UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr "%s: nepodařilo se vynulovat lastlog záznam UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s: nepodařilo se vynulovat lastlog záznam UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr "%s: nepodařilo se vynulovat lastlog záznam UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr "%s: nepodařilo se vynulovat faillog záznam UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s: selhala příprava nového záznamu %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error updating files\n"
+msgid "%s: error while duplicating string %s\n"
+msgstr "%s: chyba při aktualizaci souborů\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create directory %s\n"
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "%s: adresář %s nelze vytvořit\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: %s home directory (%s) not found\n"
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr "%s: domovský adresář uživatele %s (%s) nebyl nalezen\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to allocate memory: %s\n"
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "%s: selhala alokace paměti: %s\n"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s: adresář %s nelze vytvořit\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr "%s: řádek %d: volání chown %s selhalo: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr "%s: řádek %d: volání chown %s selhalo: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr "%s: řádek %d: volání chown %s selhalo: %s\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Cannot create SELinux login mapping for %s\n"
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr "Nelze vytvořit mapování uživatele %s na SEuživatele\n"
+
 msgid "Creating mailbox file"
 msgstr "Vytvářím poštovní schránku"
 
@@ -2160,6 +2569,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Nastavuji oprávnění k poštovní schránce"
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: uživatel „%s“ již existuje\n"
@@ -2195,10 +2615,13 @@ msgstr "%s: nelze vytvořit podřízená uživatelská ID\n"
 msgid "%s: can't create subordinate group IDs\n"
 msgstr "%s: nelze vytvořit podřízená skupinová ID\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: warning: the home directory already exists.\n"
+#| "Not copying any file from skel directory into it.\n"
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 "%s: varování: domovský adresář již existuje.\n"
 "Nekopíruji do něj žádné soubory z adresáře skel.\n"
@@ -2208,9 +2631,15 @@ msgid "%s: warning: the user name %s to %s SELinux user mapping failed.\n"
 msgstr ""
 "%s: varování: mapování uživatele %s na uživatele SELinuxu %s selhalo.\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -f, --force                   force removal of files,\n"
+#| "                                even if not owned by user\n"
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 "  -f, --force                   vynutí odstranění souborů,\n"
 "                                i když je uživatel nevlastní\n"
@@ -2287,6 +2716,11 @@ msgstr "%s: domovský adresář uživatele %s (%s) nebyl nalezen\n"
 msgid "%s: not removing directory %s (would remove home of user %s)\n"
 msgstr "%s: adresář %s nebudu mazat (je to domácí adresář uživatele %s)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error removing directory %s\n"
+msgid "%s: error removing subvolume %s\n"
+msgstr "%s: chyba při mazání adresáře %s\n"
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr "%s: chyba při mazání adresáře %s\n"
@@ -2393,6 +2827,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: uživatel „%s“ již v %s existuje\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "%s: neplatný rozsah podřízených uid „%s“\n"
@@ -2437,6 +2875,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr "%s: Nepodařilo se změnit vlastníka domovského adresáře"
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr "%s: varování: selhalo úplné odstranění domovského adresáře %s"
@@ -2471,16 +2913,18 @@ msgstr "chyba při přejmenovávání poštovní schránky"
 msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "%s: odebrání rozsahu uid %lu-%lu z „%s“ selhalo\n"
 
-#, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+#, fuzzy, c-format
+#| msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
 msgstr "%s: přidání rozsahu uid %lu-%lu z „%s“ selhalo\n"
 
 #, c-format
 msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "%s: odebrání rozsahu gid %lu-%lu z „%s“ selhalo\n"
 
-#, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+#, fuzzy, c-format
+#| msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
 msgstr "%s: přidání rozsahu gid %lu-%lu z „%s“ selhalo\n"
 
 #, c-format
@@ -2569,93 +3013,12 @@ msgstr "%s: %s nelze obnovit: %s (změny jsou v %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: nepodařilo se nalézt tcb adresář uživatele %s\n"
 
-#~ msgid ""
-#~ "%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
-#~ "SUB_GID_COUNT (%lu)\n"
-#~ msgstr ""
-#~ "%s: Neplatné nastavení: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
-#~ "SUB_GID_COUNT (%lu)\n"
-
-#~ msgid "%s: Can't get unique subordinate GID range\n"
-#~ msgstr "%s: Nelze získat jedinečný rozsah podřízených GID\n"
-
-#~ msgid ""
-#~ "%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
-#~ "SUB_UID_COUNT (%lu)\n"
-#~ msgstr ""
-#~ "%s: Neplatné nastavení: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
-#~ "SUB_UID_COUNT (%lu)\n"
-
-#~ msgid "%s: Can't get unique subordinate UID range\n"
-#~ msgstr "%s: Nelze získat jedinečný rozsah podřízených UID\n"
-
-#~ msgid "%s: Not enough arguments to form %u mappings\n"
-#~ msgstr "%s: Nedostatek argumentů pro vytvoření %u mapování\n"
-
-#~ msgid "%s: Memory allocation failure\n"
-#~ msgstr "%s: Chyba alokace paměti\n"
-
-#~ msgid "%s: snprintf failed!\n"
-#~ msgstr "%s: snprintf selhalo!\n"
-
-#~ msgid "%s: open of %s failed: %s\n"
-#~ msgstr "%s: otevření %s selhalo: %s\n"
-
-#~ msgid "%s: write to %s failed: %s\n"
-#~ msgstr "%s: zápis do %s selhal: %s\n"
-
-#~ msgid "%s: PAM modules requesting echoing are not supported.\n"
-#~ msgstr ""
-#~ "%s: PAM moduly vyžadující zobrazování zpětné vazby nejsou podporovány.\n"
-
-#~ msgid "%s: conversation type %d not supported.\n"
-#~ msgstr "%s: typ konverzace %d není podporován.\n"
-
-#~ msgid "%s: (user %s) pam_start failure %d\n"
-#~ msgstr "%s: (uživatel %s) chyba pam_start %d\n"
-
-#~ msgid ""
-#~ "%s: (user %s) pam_chauthtok() failed, error:\n"
-#~ "%s\n"
-#~ msgstr ""
-#~ "%s: (uživatel %s) volání pam_chauthtok() selhalo, chyba:\n"
-#~ "%s\n"
-
-#~ msgid "%s: user %s is currently logged in\n"
-#~ msgstr "%s: uživatel %s je právě přihlášen\n"
-
-#~ msgid "%s: user %s is currently used by process %d\n"
-#~ msgstr "%s: uživatel %s je momentálně používán procesem %d\n"
-
-#~ msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
-#~ msgstr "%s: rozsah gid [%lu-%lu) -> [%lu-%lu) není povolen\n"
-
-#~ msgid ""
-#~ "usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> "
-#~ "<count> ] ... \n"
-#~ msgstr ""
-#~ "použití: %s <pid> <gid> <spodnígid> <počet> [ <gid> <spodnígid> "
-#~ "<počet> ] ...\n"
-
-#~ msgid "%s: Could not open proc directory for target %u\n"
-#~ msgstr "%s: Nelze otevřít proc adresář cílového procesu %u\n"
-
-#~ msgid "%s: Could not stat directory for target %u\n"
-#~ msgstr "%s: Nelze zavolat stat na adresář cílového procesu %u\n"
+#~ msgid "Username         Port     From             Latest"
+#~ msgstr "Uživatel         Port     Z                Naposledy"
 
 #~ msgid "%s: Target %u is owned by a different user\n"
 #~ msgstr "%s: Cílový proces %u je vlastněn jiným uživatelem\n"
 
-#~ msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
-#~ msgstr "%s: rozsah uid [%lu-%lu) -> [%lu-%lu) není povolen\n"
-
-#~ msgid ""
-#~ "usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> "
-#~ "<count> ] ... \n"
-#~ msgstr ""
-#~ "použití: %s <pid> <uid> <spodníuid> <počet> [ <uid> <spodníuid> "
-#~ "<počet> ] ...\n"
-
 #~ msgid "  -c, --crypt-method            the crypt method (one of %s)\n"
 #~ msgstr "  -c, --crypt-method            typ šifry (jeden z %s)\n"
 
@@ -3561,9 +3924,6 @@ msgstr "%s: nepodařilo se nalézt tcb adresář uživatele %s\n"
 #~ msgid "%s: can't open files\n"
 #~ msgstr "%s: soubory nelze otevřít\n"
 
-#~ msgid "%s: error updating files\n"
-#~ msgstr "%s: chyba při aktualizaci souborů\n"
-
 #~ msgid "%s: can't update passwd entry for %s\n"
 #~ msgstr "%s: položku souboru s hesly pro uživatele %s nelze aktualizovat\n"
 
@@ -3595,9 +3955,6 @@ msgstr "%s: nepodařilo se nalézt tcb adresář uživatele %s\n"
 #~ msgstr ""
 #~ "%s: Nedostatek paměti. Nelze aktualizovat databázi stínových skupin.\n"
 
-#~ msgid "%s: cannot rewrite password file\n"
-#~ msgstr "%s: soubor s hesly nelze přepsat\n"
-
 #~ msgid "%s: cannot rewrite shadow password file\n"
 #~ msgstr "%s: soubor se stínovými hesly nelze přepsat\n"
 

po/da.po

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
 "PO-Revision-Date: 2012-01-26 23:57+0100\n"
 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
 "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
@@ -67,6 +67,15 @@ msgstr "Adgangskode: "
 msgid "%s's Password: "
 msgstr "%s's adgangskode: "
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Kan ikke åbne overvågningsbrugerflade (audit) - afbryder.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr "[libsemanage]: %s\n"
@@ -315,10 +324,6 @@ msgstr[1] ""
 "%d fejl siden sidste logind.\n"
 "Sidst var %s, %s.\n"
 
-#, c-format
-msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
-msgstr "%s: Ugyldig opsætning: GID_MIN (%lu), GID_MAX (%lu)\n"
-
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
@@ -326,22 +331,61 @@ msgid ""
 msgstr ""
 "%s: Ugyldig opsætning: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX (%lu)\n"
 
+#, c-format
+msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
+msgstr "%s: Ugyldig opsætning: GID_MIN (%lu), GID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
+msgstr ""
+
 #, c-format
 msgid "%s: failed to allocate memory: %s\n"
 msgstr "%s: kunne ikke tildele hukommelse: %s\n"
 
-#, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: Kan ikke indhente unik system-GID (ikke flere tilgængelige GID'er)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique GID (no more available GIDs)\n"
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgstr "%s: Kan ikke indhente unik GID (ikke flere tilgængelige GID'er)\n"
+
 #, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s: Kan ikke indhente unik GID (ikke flere tilgængelige GID'er)\n"
 
-#, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
-msgstr "%s: Ugyldig opsætning: UID_MIN (%lu), UID_MAX (%lu)\n"
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
+msgstr ""
+"%s: Ugyldig opsætning: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX (%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "%s: Kan ikke oprette bruger\n"
+
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+"%s: Ugyldig opsætning: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX (%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "%s: Kan ikke oprette bruger\n"
 
 #, c-format
 msgid ""
@@ -351,14 +395,75 @@ msgstr ""
 "%s: Ugyldig opsætning: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX (%lu)\n"
 
 #, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr "%s: Ugyldig opsætning: UID_MIN (%lu), UID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: Kan ikke indhente unik system-UIK (ikke flere tilgængelige UID'er)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique UID (no more available UIDs)\n"
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
+msgstr "%s: Kan ikke indhente unik UID (ikke flere tilgængelige UID'er)\n"
+
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Kan ikke indhente unik UID (ikke flere tilgængelige UID'er)\n"
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Authentication failure\n"
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: Godkendelse mislykkedes\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: invalid field '%s'\n"
+msgid "%s: Invalid map file %s specified\n"
+msgstr "%s: Ugyldigt felt »%s«\n"
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not seteuid to %d\n"
+msgstr "Kunne ikke angive navn for %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not set caps\n"
+msgstr "Kunne ikke angive navn for %s\n"
+
+#, c-format
+msgid "%s: snprintf failed!\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: open of %s failed: %s\n"
+msgstr "%s: Linje %d: chown %s fejlede: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: write to %s failed: %s\n"
+msgstr "%s: Linje %d: chown %s fejlede: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Logget på for mange gange.\n"
 
@@ -410,6 +515,27 @@ msgstr "passwd: Adgangskode uændret\n"
 msgid "passwd: password updated successfully\n"
 msgstr "passwd: adgangskoden blev opdateret\n"
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: repository %s not supported\n"
+msgid "%s: conversation type %d not supported.\n"
+msgstr "%s: Arkiv %s understøttes ikke\n"
+
+#, fuzzy, c-format
+#| msgid "%s: pam_start: error %d\n"
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: pam_start: Fejl %d\n"
+
+#, fuzzy, c-format
+#| msgid "passwd: pam_start() failed, error %d\n"
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr "passwd: pam_start() mislykkedes, fejl %d\n"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Ugyldig adgangskode for %s.\n"
@@ -442,6 +568,10 @@ msgstr "%s: Kan ikke tilgå chroot-mappe %s: %s\n"
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: Kan ikke chroot til mappe %s: %s\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
@@ -450,6 +580,13 @@ msgstr ""
 "Ugyldig ENCRYPT_METHOD-værdi: »%s«.\n"
 "Vælger standard DES.\n"
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Kunne ikke skifte mappe til »%s«\n"
@@ -469,6 +606,16 @@ msgstr "Ugyldig rodmappe »%s«\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "Kan ikke ændre rodmappen til »%s«\n"
 
+#, fuzzy, c-format
+#| msgid "%s: user '%s' does not exist in %s\n"
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: Brugeren »%s« findes ikke i %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: user '%s' is not a member of '%s'\n"
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: Brugeren »%s« er ikke medlem af »%s«\n"
+
 msgid "Unable to determine your tty name."
 msgstr "Kan ikke afgøre dit tty-navn."
 
@@ -500,6 +647,11 @@ msgstr ""
 msgid "  -h, --help                    display this help message and exit\n"
 msgstr "  -h, --help                    vis denne hjælpetekst og afslut\n"
 
+#, fuzzy
+#| msgid "  -g, --group                   edit group database\n"
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr "  -g, --group                   rediger gruppedatabase\n"
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -689,6 +841,10 @@ msgstr "Telefon"
 msgid "Other"
 msgstr "Andet"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr "%s: Felter for lange\n"
+
 msgid "Cannot change ID to root.\n"
 msgstr "Kan ikke ændre id til root.\n"
 
@@ -740,10 +896,6 @@ msgstr "%s: »%s« er NIS-masteren for denne klient.\n"
 msgid "Changing the user information for %s\n"
 msgstr "Ændrer brugeroplysninger for %s\n"
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr "%s: Felter for lange\n"
-
 #, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -769,9 +921,13 @@ msgstr ""
 "af\n"
 "                                MD5-algoritmen\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
+#| "                                crypt algorithms\n"
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 "  -s, --sha-rounds              antal SHA-runder for SHA*\n"
 "                                crypt-algoritmerne\n"
@@ -1077,6 +1233,21 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  opret en systemkonto\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr "  -R, --root CHROOT_MAPPE       mappe at chroote ind i\n"
+
+#, fuzzy
+#| msgid "  -l, --list                    list the members of the group\n"
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr "  -l, --list                    vis medlemmer af gruppen\n"
+
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Invalid member username %s\n"
+msgstr "ugyldigt brugernavn »%s«\n"
+
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: »%s« er ikke et gyldigt gruppenavn\n"
@@ -1101,6 +1272,11 @@ msgstr "%s: GID »%lu« findes allerede\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: Kan ikke opsætte tjenesten cleanup.\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 #, fuzzy
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
@@ -1187,6 +1363,24 @@ msgstr "%s: Dit gruppenavn svarer ikke overens med dit brugernavn\n"
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s: Kun root kan bruge tilvalget -g/--group\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -a, --append                  append the user to the supplemental "
+#| "GROUPS\n"
+#| "                                mentioned by the -G option without "
+#| "removing\n"
+#| "                                the user from other groups\n"
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+"  -a, --append                  tilføj brugeren til de supplementære "
+"GRUPPER\n"
+"                                nævnt af tilvalget -G uden at fjerne "
+"personen\n"
+"                                fra andre grupper\n"
+
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr "  -g, --gid GID                 ændr gruppe-id'et til GID\n"
 
@@ -1248,6 +1442,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr "  -s, --sort                    sorter punkter efter UID\n"
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr "%s: -s og -r er ikke kompatible\n"
@@ -1363,8 +1561,10 @@ msgstr ""
 "  -u, --user LOGIND             vis lastlog-poster for brugeren med\n"
 "                                det angivne LOGIND\n"
 
-msgid "Username         Port     From             Latest"
-msgstr "Brugernavn       Port     Fra              Seneste"
+#, fuzzy, c-format
+#| msgid "Username                Port     Latest"
+msgid "Username         Port     From%*sLatest\n"
+msgstr "Brugernavn              Port     Seneste"
 
 msgid "Username                Port     Latest"
 msgstr "Brugernavn              Port     Seneste"
@@ -1372,10 +1572,22 @@ msgstr "Brugernavn              Port     Seneste"
 msgid "**Never logged in**"
 msgstr "**Har aldrig logget på**"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "%s: Kunne ikke indhente punktet for UID %lu\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "%s: Kunne ikke nulstille lastlog-punktet for UID %lu: %s\n"
@@ -1502,6 +1714,54 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr "Brug: logoutd\n"
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, c-format
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "%s: Kunne ikke fjerne %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "%s: Kunne ikke fjerne %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to unlock %s\n"
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "%s: Kunne ikke åbne %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to find tcb directory for %s\n"
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "%s: Kunne ikke finde tcb-mappe for %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "%s: Kan ikke oprette tcv-mappe for %s\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Brug: newgrp [-] [gruppe]\n"
 
@@ -1526,6 +1786,26 @@ msgstr "%s: GID »%lu« findes ikke\n"
 msgid "too many groups\n"
 msgstr "for mange grupper\n"
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "  -q, --quiet                   quiet mode\n"
+msgid "  -b, --badnames                allow bad names\n"
+msgstr "  -q, --quiet                   tavs tilstand\n"
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  opret systemkontoer\n"
 
@@ -1566,6 +1846,11 @@ msgstr "%s: Linje %d: Bruger »%s« findes ikke i %s\n"
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: Linje %d: Kan ikke opdatere adgangskode\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: mkdir %s failed: %s\n"
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr "%s: Linje %d: mkdir %s fejlede: %s\n"
+
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr "%s: Linje %d: mkdir %s fejlede: %s\n"
@@ -1715,8 +2000,9 @@ msgstr ""
 msgid "%s: repository %s not supported\n"
 msgstr "%s: Arkiv %s understøttes ikke\n"
 
-#, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+#, fuzzy, c-format
+#| msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s er ikke godkendt til at ændre adgangskoden på %s\n"
 
 #, c-format
@@ -1869,9 +2155,11 @@ msgstr "%s: Forkert signalmasking\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Session termineret, terminerer skal..."
 
+#, c-format
 msgid " ...killed.\n"
 msgstr " ...dræbt.\n"
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ...venter på at underproces termineres.\n"
 
@@ -1882,8 +2170,22 @@ msgstr " ...termineret.\n"
 msgid "%s: %s\n"
 msgstr "%s: %s\n"
 
+#, fuzzy
+#| msgid ""
+#| "Usage: su [options] [LOGIN]\n"
+#| "\n"
+#| "Options:\n"
+#| "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
+#| "  -h, --help                    display this help message and exit\n"
+#| "  -, -l, --login                make the shell a login shell\n"
+#| "  -m, -p,\n"
+#| "  --preserve-environment        do not reset environment variables, and\n"
+#| "                                keep the same shell\n"
+#| "  -s, --shell SHELL             use SHELL instead of the default in "
+#| "passwd\n"
+#| "\n"
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1894,6 +2196,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 "Brug: su [tilvalg] [LOGIND]\n"
 "\n"
@@ -1916,6 +2219,14 @@ msgstr ""
 "%s: %s\n"
 "(Ignoreret)\n"
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr "Du er ikke autoriseret til at su %s\n"
@@ -1980,6 +2291,11 @@ msgstr "%s: %s blev oprettet, men kunne ikke fjernes\n"
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: Konfigurationen %s i %s vil blive ignoreret\n"
 
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "%s: Kan ikke oprette ny standardværdifil\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr "%s: Kan ikke oprette ny standardværdifil\n"
@@ -2008,6 +2324,11 @@ msgstr "%s: Gruppen »%s« er en NIS-gruppe.\n"
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: Der er angivet for mange grupper (højst %d).\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Out of memory. Cannot update %s.\n"
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr "%s: Ikke nok hukommelse. Kan ikke opdatere %s.\n"
+
 #, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -2022,6 +2343,12 @@ msgstr ""
 "\n"
 "Tilvalg:\n"
 
+#, fuzzy
+#| msgid "  -s, --shadow                  edit shadow or gshadow database\n"
+msgid "      --badnames                do not check for bad names\n"
+msgstr ""
+"  -s, --shadow                  rediger skygge- eller gskyggedatabase\n"
+
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
 "the\n"
@@ -2030,6 +2357,10 @@ msgstr ""
 "  -b, --base-dir BASIS_MAP      basismappe for hjemmemappen på den nye\n"
 "                                konto\n"
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr "  -c, --comment KOMMENTAR       GECOS-felt på den nye konto\n"
 
@@ -2152,26 +2483,113 @@ msgstr "%s: Ugyldigt felt »%s«\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s: Ugyldig skal »%s«\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Warning: %s is not executable\n"
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: Advarsel: %s er ikke kørbar\n"
+
+#, c-format
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s: -Z kræver SELinux-aktiveret kerne\n"
 
+#, fuzzy, c-format
+#| msgid "%s: invalid user name '%s'\n"
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr "%s: Ugyldigt brugernavn »%s«\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr "%s: Kunne ikke nulstille faillog-punktet for UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr "%s: Kunne ikke nulstille faillog-punktet for UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr "%s: Kunne ikke nulstille faillog-punktet for UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr "%s: Kunne ikke nulstille lastlog-punktet for UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s: Kunne ikke nulstille lastlog-punktet for UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr "%s: Kunne ikke nulstille lastlog-punktet for UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr "%s: Kunne ikke nulstille faillog-punktet for UID %lu: %s\n"
+
 #, fuzzy, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s: Kunne ikke forberede det nye %s-punkt »%s«\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error changing fields\n"
+msgid "%s: error while duplicating string %s\n"
+msgstr "%s: Fejl ved ændring af felter\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create directory %s\n"
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "%s: Kan ikke oprette mappen %s\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: %s home directory (%s) not found\n"
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr "%s: %s hjemmemappe (%s) er ikke fundet\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to allocate memory: %s\n"
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "%s: kunne ikke tildele hukommelse: %s\n"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s: Kan ikke oprette mappen %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr "%s: Linje %d: chown %s fejlede: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr "%s: Linje %d: chown %s fejlede: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr "%s: Linje %d: chown %s fejlede: %s\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Cannot create SELinux login mapping for %s\n"
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr "Kan ikke oprette SELinux-logindkortlægning for %s\n"
+
 msgid "Creating mailbox file"
 msgstr "Opretter postboksfil"
 
@@ -2184,6 +2602,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Indstiller postboksfilens rettigheder"
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: Brugeren »%s« findes allerede\n"
@@ -2219,10 +2648,13 @@ msgstr "%s: Kan ikke oprette bruger\n"
 msgid "%s: can't create subordinate group IDs\n"
 msgstr "%s: Kan ikke oprette gruppe\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: warning: the home directory already exists.\n"
+#| "Not copying any file from skel directory into it.\n"
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 "%s: Advarsel: Hjemmemappen findes allerede.\n"
 "Kopierer ikke nogen filer til den fra skelet-mappen.\n"
@@ -2232,9 +2664,15 @@ msgid "%s: warning: the user name %s to %s SELinux user mapping failed.\n"
 msgstr ""
 "%s: Advarsel: Brugernavnet %s til %s SELinux-brugerkortlægning mislykkedes.\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -f, --force                   force removal of files,\n"
+#| "                                even if not owned by user\n"
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 "  -f, --force                   gennemtving fjernelse af filer,\n"
 "                                selvom de ikke ejers af brugeren\n"
@@ -2311,6 +2749,11 @@ msgid "%s: not removing directory %s (would remove home of user %s)\n"
 msgstr ""
 "%s: Fjerner ikke mappen %s (det ville fjerne hjemmemappen for brugeren %s)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error removing directory %s\n"
+msgid "%s: error removing subvolume %s\n"
+msgstr "%s: Fejl under fjernelse af mappen %s\n"
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr "%s: Fejl under fjernelse af mappen %s\n"
@@ -2423,6 +2866,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: Brugeren »%s« findes allerede i %s\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "%s: Ugyldig dato »%s«\n"
@@ -2467,6 +2914,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr "%s: Kunne ikke ændre ejerskab af hjemmemappen"
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr "%s: Advarsel: Kunne ikke fjerne den gamle hjemmemappe %s fuldstændigt"
@@ -2500,7 +2951,7 @@ msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "%s: Kunne ikke forberede det nye %s-punkt »%s«\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
 msgstr "%s: Kunne ikke forberede det nye %s-punkt »%s«\n"
 
 #, fuzzy, c-format
@@ -2508,7 +2959,7 @@ msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "%s: Kunne ikke forberede det nye %s-punkt »%s«\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
 msgstr "%s: Kunne ikke forberede det nye %s-punkt »%s«\n"
 
 #, c-format
@@ -2598,3 +3049,6 @@ msgstr "%s: Kan ikke gendanne %s: %s (dine ændringer er i %s)\n"
 #, c-format
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: Kunne ikke finde tcb-mappe for %s\n"
+
+#~ msgid "Username         Port     From             Latest"
+#~ msgstr "Brugernavn       Port     Fra              Seneste"

po/de.po

@@ -2,15 +2,16 @@
 # Copyright (C) 1999 Free Software Foundation, Inc.
 # Frank Schmid <frank@cs-schmid.de>, 2002
 # Holger Wansing <linux@wansing-online.de>, 2006, 2008, 2009, 2011, 2012, 2014.
+# Björn Esser <besser82@fedoraproject.org>, 2021.
 # Patches, suggestions, etc welcome.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.2-2\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
-"PO-Revision-Date: 2014-07-27 23:06+0200\n"
-"Last-Translator: Holger Wansing <hwansing@mailbox.org>\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
+"PO-Revision-Date: 2020-09-22 15:10+0200\n"
+"Last-Translator: Björn Esser <besser82@fedoraproject.org>\n"
 "Language-Team: German <debian-l10n-german@lists.debian.org>\n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
@@ -58,6 +59,15 @@ msgstr "Passwort: "
 msgid "%s's Password: "
 msgstr "Passwort von %s: "
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Audit-Schnittstelle konnte nicht geöffnet werden - Abbruch.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr "[libsemanage]: %s\n"
@@ -309,10 +319,6 @@ msgstr[1] ""
 "%d Fehlversuche seit letzter Anmeldung.\n"
 "Der letzte war am %s auf %s.\n"
 
-#, c-format
-msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
-msgstr "%s: Ungültige Konfiguration: GID_MIN (%lu), GID_MAX (%lu)\n"
-
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
@@ -321,21 +327,62 @@ msgstr ""
 "%s: Ungültige Konfiguration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
 "(%lu)\n"
 
+#, c-format
+msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
+msgstr "%s: Ungültige Konfiguration: GID_MIN (%lu), GID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
+msgstr ""
+
 #, c-format
 msgid "%s: failed to allocate memory: %s\n"
 msgstr "%s: Speicherreservierung fehlgeschlagen: %s\n"
 
-#, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr "%s: Keine einmalige System-GID bekommen (keine GIDs mehr verfügbar)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique GID (no more available GIDs)\n"
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgstr "%s: Keine einmalige GID bekommen (keine GIDs mehr verfügbar)\n"
+
 #, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s: Keine einmalige GID bekommen (keine GIDs mehr verfügbar)\n"
 
-#, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
-msgstr "%s: Ungültige Konfiguration: UID_MIN (%lu), UID_MAX (%lu)\n"
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
+msgstr ""
+"%s: Ungültige Konfiguration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+"(%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "%s: Benutzer kann nicht erstellt werden\n"
+
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+"%s: Ungültige Konfiguration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+"(%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "%s: Benutzer kann nicht erstellt werden\n"
 
 #, c-format
 msgid ""
@@ -346,13 +393,74 @@ msgstr ""
 "(%lu)\n"
 
 #, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr "%s: Ungültige Konfiguration: UID_MIN (%lu), UID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
 msgstr "%s: Keine einmalige System-UID bekommen (keine UIDs mehr verfügbar)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique UID (no more available UIDs)\n"
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
+msgstr "%s: Keine einmalige UID bekommen (keine UIDs mehr verfügbar)\n"
+
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: Keine einmalige UID bekommen (keine UIDs mehr verfügbar)\n"
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Authentication failure\n"
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: Authentifizierung fehlgeschlagen\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: invalid field '%s'\n"
+msgid "%s: Invalid map file %s specified\n"
+msgstr "%s: Ungültiges Feld »%s«\n"
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not seteuid to %d\n"
+msgstr "Name für %s konnte nicht gesetzt werden\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not set caps\n"
+msgstr "Name für %s konnte nicht gesetzt werden\n"
+
+#, c-format
+msgid "%s: snprintf failed!\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: open of %s failed: %s\n"
+msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: write to %s failed: %s\n"
+msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Zu viele Anmeldungen.\n"
 
@@ -404,6 +512,27 @@ msgstr "passwd: Passwort nicht geändert\n"
 msgid "passwd: password updated successfully\n"
 msgstr "passwd: Passwort erfolgreich geändert\n"
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: repository %s not supported\n"
+msgid "%s: conversation type %d not supported.\n"
+msgstr "%s: Repository %s nicht unterstützt\n"
+
+#, fuzzy, c-format
+#| msgid "%s: pam_start: error %d\n"
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: pam_start: Fehler %d\n"
+
+#, fuzzy, c-format
+#| msgid "passwd: pam_start() failed, error %d\n"
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr "passwd: pam_start() fehlgeschlagen, Fehler %d\n"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Falsches Passwort für %s.\n"
@@ -436,6 +565,10 @@ msgstr "%s: auf chroot-Verzeichnis %s kann nicht zugegriffen werden: %s\n"
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: chroot-Wechsel in Verzeichnis %s nicht möglich: %s\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr "Kann keine zufälligen Bytes beziehen.\n"
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
@@ -444,6 +577,16 @@ msgstr ""
 "Ungültiger Wert für ENCRYPT_METHOD: »%s«.\n"
 "Standard DES wird gewählt.\n"
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+"Kann kein Salt für das Präfix \"%s\" generieren. Bitte die Einstellungen "
+"für ENCRYPT_METHOD und den zugehörigen Konfigurationen der gewählten "
+"Hash-Methode überprüfen.\n"
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Es konnte nicht in das Verzeichnis »%s« gewechselt werden.\n"
@@ -463,6 +606,16 @@ msgstr "Ungültiges root-Verzeichnis »%s«\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "root-Verzeichnis kann nicht auf »%s« geändert werden.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: user '%s' does not exist in %s\n"
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: Benutzer »%s« ist in %s nicht vorhanden.\n"
+
+#, fuzzy, c-format
+#| msgid "%s: user '%s' is not a member of '%s'\n"
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: Benutzer »%s« ist kein Mitglied von »%s«.\n"
+
 msgid "Unable to determine your tty name."
 msgstr "Ihr tty-Name konnte nicht festgestellt werden."
 
@@ -495,6 +648,11 @@ msgstr ""
 msgid "  -h, --help                    display this help message and exit\n"
 msgstr "  -h, --help                    Diese Hilfe anzeigen, sonst nichts\n"
 
+#, fuzzy
+#| msgid "  -g, --group                   edit group database\n"
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr "  -g, --group                   Gruppen-Datenbank editieren\n"
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -691,6 +849,10 @@ msgstr "Telefon privat"
 msgid "Other"
 msgstr "Sonstiges"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr "%s: Felder zu lang\n"
+
 msgid "Cannot change ID to root.\n"
 msgstr "ID konnte nicht auf root geändert werden.\n"
 
@@ -743,10 +905,6 @@ msgstr "%s: »%s« ist der NIS-Master für diesen Client.\n"
 msgid "Changing the user information for %s\n"
 msgstr "Benutzerinformationen für %s werden geändert.\n"
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr "%s: Felder zu lang\n"
-
 #, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -774,12 +932,16 @@ msgstr ""
 "  -m, --md5                     Die Klartext-Passwörter mittels MD5-\n"
 "                                Algorithmus verschlüsseln\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
+#| "                                crypt algorithms\n"
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr ""
-"  -s, --sha-rounds              Anzahl der SHA-Runden für den SHA*-\n"
-"                                Verschlüsselungs-Algorithmus\n"
+"  -s, --sha-rounds              Anzahl der SHA-Runden für den SHA*-,\n"
+"                                BCRYPT oder YESCRYPT Hash-Methode.\n"
 
 #, c-format
 msgid "%s: %s flag is only allowed with the %s flag\n"
@@ -1092,7 +1254,22 @@ msgstr ""
 "                                neue Gruppe verwenden\n"
 
 msgid "  -r, --system                  create a system account\n"
-msgstr "  -r, --system                  Eine Systemgruppe erstellen\n"
+msgstr "  -r, --system                  Ein Systemkonto erstellen\n"
+
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr "  -R, --root CHROOT_VERZ        Verzeichnis für chroot\n"
+
+#, fuzzy
+#| msgid "  -l, --list                    list the members of the group\n"
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr "  -l, --list                    Die Mitglieder der Gruppe auflisten\n"
+
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Invalid member username %s\n"
+msgstr "Ungültiger Benutzername »%s«\n"
 
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
@@ -1118,6 +1295,11 @@ msgstr "%s: GID »%lu« existiert bereits.\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: Ihr Benutzername konnte nicht bestimmt werden.\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 #, fuzzy
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
@@ -1206,6 +1388,24 @@ msgstr "%s: Ihr Gruppenname passt nicht zu Ihrem Benutzername.\n"
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s: Nur root kann die Option -g/--group nutzen.\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -a, --append                  append the user to the supplemental "
+#| "GROUPS\n"
+#| "                                mentioned by the -G option without "
+#| "removing\n"
+#| "                                the user from other groups\n"
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+"  -a, --append                  Benutzer zu zusätzlichen Gruppen "
+"hinzufügen,\n"
+"                                die mit der Option -G angegeben werden, "
+"ohne\n"
+"                                ihn dabei aus anderen Gruppen zu entfernen\n"
+
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr "  -g, --gid GID                 Die Gruppen-ID auf GID ändern\n"
 
@@ -1271,6 +1471,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr "  -s, --sort                    Einträge nach UID sortieren\n"
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr "%s: -s und -r sind nicht kompatibel.\n"
@@ -1391,8 +1595,10 @@ msgid ""
 msgstr ""
 "  -u, --user BENUTZERZUGANG     lastlog-Eintrag für BENUTZERZUGANG anzeigen\n"
 
-msgid "Username         Port     From             Latest"
-msgstr "Benutzername     Port     Von              Letzter"
+#, fuzzy, c-format
+#| msgid "Username                Port     Latest"
+msgid "Username         Port     From%*sLatest\n"
+msgstr "Benutzername            Port     Letzter"
 
 msgid "Username                Port     Latest"
 msgstr "Benutzername            Port     Letzter"
@@ -1400,10 +1606,22 @@ msgstr "Benutzername            Port     Letzter"
 msgid "**Never logged in**"
 msgstr "**Noch nie angemeldet**"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "%s: Auslesen des Eintrags für UID %lu fehlgeschlagen\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "%s: Zurücksetzen des lastlog-Eintrags für UID %lu fehlgeschlagen: %s\n"
@@ -1532,6 +1750,54 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr "Aufruf: logoutd\n"
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, c-format
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "%s: Entfernen von %s fehlgeschlagen\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "%s: Entfernen von %s fehlgeschlagen\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to unlock %s\n"
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "%s: Entsperren von %s fehlgeschlagen\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to find tcb directory for %s\n"
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "%s: tcb-Verzeichnis für %s konnte nicht gefunden werden\n"
+
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "%s: Erstellen des tcb-Verzeichnisses für %s fehlgeschlagen\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Aufruf: newgrp [-] [Gruppe]\n"
 
@@ -1556,6 +1822,26 @@ msgstr "%s: GID »%lu« existiert nicht.\n"
 msgid "too many groups\n"
 msgstr "zu viele Gruppen\n"
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "  -q, --quiet                   quiet mode\n"
+msgid "  -b, --badnames                allow bad names\n"
+msgstr "  -q, --quiet                   Nicht so geschwätzig verhalten\n"
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  Systemzugänge erzeugen\n"
 
@@ -1598,6 +1884,11 @@ msgstr "%s: Zeile %d: Benutzer »%s« existiert nicht in %s.\n"
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: Zeile %d: Passwort kann nicht aktualisiert werden.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: mkdir %s failed: %s\n"
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr "%s: Zeile %d: mkdir %s (Verzeichnis erstellen) fehlgeschlagen: %s\n"
+
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr "%s: Zeile %d: mkdir %s (Verzeichnis erstellen) fehlgeschlagen: %s\n"
@@ -1751,8 +2042,9 @@ msgstr ""
 msgid "%s: repository %s not supported\n"
 msgstr "%s: Repository %s nicht unterstützt\n"
 
-#, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+#, fuzzy, c-format
+#| msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s ist nicht berechtigt, das Passwort von %s zu ändern.\n"
 
 #, c-format
@@ -1907,9 +2199,11 @@ msgstr "%s: Signalmaskierungs-Fehlfunktion\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sitzung abgebrochen, Shell wird beendet ..."
 
+#, c-format
 msgid " ...killed.\n"
 msgstr " ... abgeschossen.\n"
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ... Warten auf Beendigung des Kindprozesses.\n"
 
@@ -1920,8 +2214,22 @@ msgstr " ... abgebrochen.\n"
 msgid "%s: %s\n"
 msgstr "%s: %s\n"
 
+#, fuzzy
+#| msgid ""
+#| "Usage: su [options] [LOGIN]\n"
+#| "\n"
+#| "Options:\n"
+#| "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
+#| "  -h, --help                    display this help message and exit\n"
+#| "  -, -l, --login                make the shell a login shell\n"
+#| "  -m, -p,\n"
+#| "  --preserve-environment        do not reset environment variables, and\n"
+#| "                                keep the same shell\n"
+#| "  -s, --shell SHELL             use SHELL instead of the default in "
+#| "passwd\n"
+#| "\n"
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1932,6 +2240,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 "Aufruf: su [Optionen] [BENUTZERZUGANG]\n"
 "\n"
@@ -1954,6 +2263,14 @@ msgstr ""
 "%s: %s\n"
 "(Ignoriert)\n"
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr "su %s ist Ihnen nicht erlaubt.\n"
@@ -2018,6 +2335,11 @@ msgstr "%s: %s wurde erstellt, konnte aber nicht entfernt werden\n"
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: die %s-Konfiguration in %s wird ignoriert.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "%s: Neue defaults-Datei kann nicht erzeugt werden.\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr "%s: Neue defaults-Datei kann nicht erzeugt werden.\n"
@@ -2046,6 +2368,11 @@ msgstr "%s: Die Gruppe »%s« ist eine NIS-Gruppe.\n"
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: Zu viele Gruppen angegeben (max. %d).\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Out of memory. Cannot update %s.\n"
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr "%s: Zu wenig Speicher. %s kann nicht aktualisiert werden.\n"
+
 #, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -2060,6 +2387,12 @@ msgstr ""
 "\n"
 "Optionen:\n"
 
+#, fuzzy
+#| msgid "  -s, --shadow                  edit shadow or gshadow database\n"
+msgid "      --badnames                do not check for bad names\n"
+msgstr ""
+"  -s, --shadow                  shadow- oder gshadow-Datenbank editieren\n"
+
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
 "the\n"
@@ -2068,6 +2401,10 @@ msgstr ""
 "  -b, --base-dir BASIS_VERZ     Basisverzeichnis für das\n"
 "                                Home-Verzeichnis des neuen Benutzers\n"
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr ""
 "  -c, --comment KOMMENTAR       KOMMENTAR für das GECOS-Feld des neuen\n"
@@ -2202,26 +2539,113 @@ msgstr "%s: Ungültiges Feld »%s«\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s: Ungültige Shell »%s«\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Warning: %s is not executable\n"
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: Warnung: %s nicht ausführbar.\n"
+
+#, c-format
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s: -Z erfordert einen Kernel, in dem SELinux aktiviert ist.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: invalid user name '%s'\n"
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr "%s: Ungültiger Benutzername »%s«\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr "%s: Zurücksetzen des faillog-Eintrags für UID %lu fehlgeschlagen: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr "%s: Zurücksetzen des faillog-Eintrags für UID %lu fehlgeschlagen: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr "%s: Zurücksetzen des faillog-Eintrags für UID %lu fehlgeschlagen: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr "%s: Zurücksetzen des lastlog-Eintrags für UID %lu fehlgeschlagen: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s: Zurücksetzen des lastlog-Eintrags für UID %lu fehlgeschlagen: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr "%s: Zurücksetzen des lastlog-Eintrags für UID %lu fehlgeschlagen: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr "%s: Zurücksetzen des faillog-Eintrags für UID %lu fehlgeschlagen: %s\n"
+
 #, fuzzy, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s: Vorbereiten des neuen %s-Eintrags »%s« fehlgeschlagen.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error changing fields\n"
+msgid "%s: error while duplicating string %s\n"
+msgstr "%s: Fehler beim Ändern der Felder\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create directory %s\n"
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "%s: Verzeichnis %s kann nicht erstellt werden.\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: %s home directory (%s) not found\n"
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr "%s: %s-Home-Verzeichnis (%s) nicht gefunden\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to allocate memory: %s\n"
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "%s: Speicherreservierung fehlgeschlagen: %s\n"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s: Verzeichnis %s kann nicht erstellt werden.\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr "%s: Zeile %d: chown %s (Eigentümer ändern) fehlgeschlagen: %s\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Cannot create SELinux login mapping for %s\n"
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr "SELinux-Login-Zuordnung für %s kann nicht erstellt werden\n"
+
 msgid "Creating mailbox file"
 msgstr "Erzeugen der Mailbox-Datei"
 
@@ -2234,6 +2658,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Zugriffsrechte der Mailboxdatei werden gesetzt"
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: Benutzer »%s« existiert bereits\n"
@@ -2269,10 +2704,13 @@ msgstr "%s: Benutzer kann nicht erstellt werden\n"
 msgid "%s: can't create subordinate group IDs\n"
 msgstr "%s: Gruppe kann nicht erzeugt werden\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: warning: the home directory already exists.\n"
+#| "Not copying any file from skel directory into it.\n"
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 "%s: Warnung: Das Home-Verzeichnis existiert bereits.\n"
 "Es werden keine Dateien vom skel-Verzeichnis dorthin kopiert.\n"
@@ -2283,9 +2721,15 @@ msgstr ""
 "%s: Warnung: Die SELinux-Benutzer-Zuordnung des Benutzernamens %s zu %s ist\n"
 "fehlgeschlagen.\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -f, --force                   force removal of files,\n"
+#| "                                even if not owned by user\n"
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 "  -f, --force                   Entfernen von Dateien erzwingen, auch wenn\n"
 "                                sie nicht Eigentum des zu löschenden\n"
@@ -2368,6 +2812,11 @@ msgstr ""
 "%s: Verzeichnis %s wird nicht gelöscht (würde das Home-Verzeichnis des\n"
 "Benutzers %s löschen).\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error removing directory %s\n"
+msgid "%s: error removing subvolume %s\n"
+msgstr "%s: Fehler beim Löschen des Verzeichnisses %s\n"
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr "%s: Fehler beim Löschen des Verzeichnisses %s\n"
@@ -2482,6 +2931,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: Benutzer »%s« existiert bereits in %s.\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "%s: Ungültiges Datum »%s«\n"
@@ -2526,6 +2979,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr "%s: Ändern des Eigentümers vom Home-Verzeichnis fehlgeschlagen"
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr ""
@@ -2562,7 +3019,7 @@ msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "%s: Vorbereiten des neuen %s-Eintrags »%s« fehlgeschlagen.\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
 msgstr "%s: Vorbereiten des neuen %s-Eintrags »%s« fehlgeschlagen.\n"
 
 #, fuzzy, c-format
@@ -2570,7 +3027,7 @@ msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "%s: Vorbereiten des neuen %s-Eintrags »%s« fehlgeschlagen.\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
 msgstr "%s: Vorbereiten des neuen %s-Eintrags »%s« fehlgeschlagen.\n"
 
 #, c-format
@@ -2663,3 +3120,6 @@ msgstr ""
 #, c-format
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: tcb-Verzeichnis für %s konnte nicht gefunden werden\n"
+
+#~ msgid "Username         Port     From             Latest"
+#~ msgstr "Benutzername     Port     Von              Letzter"

po/dz.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.17\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
 "PO-Revision-Date: 2006-06-01 15:28+0530\n"
 "Last-Translator: Jurmey Rabgay <jur_gay@yahoo.com>\n"
 "Language-Team: dzongkha <pgeyleg@dit.gov.bt>\n"
@@ -55,6 +55,15 @@ msgstr "ཆོག་ཡིག་:"
 msgid "%s's Password: "
 msgstr "%s's ཆོག་ཡིག་:"
 
+#, fuzzy
+#| msgid "Cannot open the password file.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "ཆོག་ཡིག་ཡིག་སྣོད་ ཁ་ཕྱེ་མི་ཚུགས།\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr ""
@@ -301,14 +310,18 @@ msgstr[1] ""
 "མཇུག་མམ་གྱི་ནང་བསྐྱོད་འབད་ཞིནམ་ལས་ཚུར་ %dའཐུས་ཤོར་ཚུ།\n"
 "མཇུག་མམ་ %s འདི་ %s གུ་ཨིན་པས།\n"
 
+#, c-format
+msgid ""
+"%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+"(%lu)\n"
+msgstr ""
+
 #, c-format
 msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
-"(%lu)\n"
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
 msgstr ""
 
 #, fuzzy, c-format
@@ -316,31 +329,107 @@ msgid "%s: failed to allocate memory: %s\n"
 msgstr "ཡིག་སྒྲོམ་བདག་པོ་སོར་ནི་ལུ་ འཐུས་ཤོར་བྱུང་ཡོདཔ།"
 
 #, fuzzy, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr "%s: ཐུན་མོང་ ཡུ་ཨའི་ཌི་འཐོབ་མི་ཚུགས།\n"
 
+#, fuzzy, c-format
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgstr "%s: ཐུན་མོང་མ་ཡིན་པའི་ ཇི་ཨའི་ཌི་འཐོབ་མི་ཚུགས།\n"
+
 #, fuzzy, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s: ཐུན་མོང་མ་ཡིན་པའི་ ཇི་ཨའི་ཌི་འཐོབ་མི་ཚུགས།\n"
 
 #, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "%s: %sགསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
+#, c-format
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "%s: %sགསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
 "(%lu)\n"
 msgstr ""
 
+#, c-format
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
 #, fuzzy, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
+msgstr "%s: ཐུན་མོང་ ཡུ་ཨའི་ཌི་འཐོབ་མི་ཚུགས།\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
 msgstr "%s: ཐུན་མོང་ ཡུ་ཨའི་ཌི་འཐོབ་མི་ཚུགས།\n"
 
 #, fuzzy, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: ཐུན་མོང་ ཡུ་ཨའི་ཌི་འཐོབ་མི་ཚུགས།\n"
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: པི་ཨེ་ཨེམ་ བདེན་བཤད་འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: invalid field '%s'\n"
+msgid "%s: Invalid map file %s specified\n"
+msgstr "%s: ནུས་མེད་ཀྱི་ས་སྒོ་ '%s'།\n"
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Could not seteuid to %d\n"
+msgstr "རིམ་སྒྲིག་བརྡ་དོན་གྱི་དོན་ལུ་ བར་སྟོང་སྤྲོད་མ་ཚུགས།\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not set caps\n"
+msgstr "རིམ་སྒྲིག་བརྡ་དོན་གྱི་དོན་ལུ་ བར་སྟོང་སྤྲོད་མ་ཚུགས།\n"
+
+#, fuzzy, c-format
+#| msgid "%s: can't open file\n"
+msgid "%s: snprintf failed!\n"
+msgstr "%s: ཡིག་སྣོད་ཁ་ཕྱེ་མི་ཚུགས།\n"
+
+#, fuzzy, c-format
+msgid "%s: open of %s failed: %s\n"
+msgstr "%s: གྲལ་ཐིག་ %d: chown འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
+#, fuzzy, c-format
+msgid "%s: write to %s failed: %s\n"
+msgstr "%s: གྲལ་ཐིག་ %d: chown འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
 msgid "Too many logins.\n"
 msgstr "ནང་བསྐྱོད་མང་དྲགས་པ།\n"
 
@@ -393,6 +482,27 @@ msgstr "ཆོག་ཡིག་སོར་ཡོདཔ།"
 msgid "passwd: password updated successfully\n"
 msgstr "ཆོག་ཡིག་:ཆོག་ཡིག་འདི་མཐར་འཁྱོལ་སྦེ་ དུས་མཐུན་བཟོ་ཡི།\n"
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: repository %s not supported\n"
+msgid "%s: conversation type %d not supported.\n"
+msgstr "%s: མཛོད་གནས་ %sའདི་ རྒྱབ་སྐྱོར་མ་འབད་བས།\n"
+
+#, fuzzy, c-format
+#| msgid "%s: pam_start: error %d\n"
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: pam_start:འཛོལ་བ་%d(_s)\n"
+
+#, fuzzy, c-format
+#| msgid "passwd: pam_start() failed, error %d\n"
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr "ཆོག་ཡིག་:པམ་སི་ཊཊི་()འཐུས་ཤོར་བྱུང་ཡོདཔ་(_s) འཛོལ་བ་ %d\n"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "%s གི་དོན་ལུ་ བདེན་མེད་ཀྱི་ཆོག་ཡིག\n"
@@ -425,12 +535,23 @@ msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབ
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
 "Defaulting to DES.\n"
 msgstr ""
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "'%s'ལུ་ སི་ཌི་འབད་མ་ཚུགས་\n"
@@ -450,6 +571,15 @@ msgstr "ནུས་མེད་རྩ་བའི་སྣོད་ཐོ་ '%
 msgid "Can't change root directory to '%s'\n"
 msgstr " '%s'ལུ་ རྩ་བའི་སྣོད་ཐོ་བསྒྱུར་བཅོས་འབད་མི་ཚུགས།\n"
 
+#, c-format
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: ལག་ལེན་པ་  %sའདི་ ད་ལྟོ་རང་ནང་བསྐྱོད་འབད་ཡི།\n"
+
+#, fuzzy, c-format
+#| msgid "%s: user %s is currently logged in\n"
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: ལག་ལེན་པ་  %sའདི་ ད་ལྟོ་རང་ནང་བསྐྱོད་འབད་ཡི།\n"
+
 msgid "Unable to determine your tty name."
 msgstr "ཁྱོད་ཀྱི་ཊི་ཊི་ཝའི་མིང་ གཏན་འབེབས་བཟོ་མ་ཚུགས།"
 
@@ -476,6 +606,9 @@ msgstr ""
 msgid "  -h, --help                    display this help message and exit\n"
 msgstr ""
 
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr ""
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -652,6 +785,10 @@ msgstr "ཁྱིམ་གྱི་བརྒྱུད་འཕྲིན།"
 msgid "Other"
 msgstr "གཞན།"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr "%s: ས་སྒོ་ཚུ་རིང་དྲགས་པས།\n"
+
 msgid "Cannot change ID to root.\n"
 msgstr "རྩ་བ་ལུ་ ཨའི་ཌི་ བསྒྱུར་བཅོས་འབད་མི་ཚུགས།\n"
 
@@ -703,10 +840,6 @@ msgstr "%s: '%s' འདི་ ཞབས་ཏོག་སྤྱོད་མི
 msgid "Changing the user information for %s\n"
 msgstr "%sགི་དོན་ལུ་ ལག་ལེན་པའི་བརྡ་དོན་ བསྒྱུར་བཅོས་འབད་དོ།\n"
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr "%s: ས་སྒོ་ཚུ་རིང་དྲགས་པས།\n"
-
 #, fuzzy, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -727,8 +860,8 @@ msgid ""
 msgstr ""
 
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 
 #, fuzzy, c-format
@@ -1003,6 +1136,17 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr ""
 
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr ""
+
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Invalid member username %s\n"
+msgstr "ནུས་མེད་ལག་ལེན་པའི་མིང་ '%s'\n"
+
 #, fuzzy, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: %s འདི་ ནུས་ཅན་གྱི་སྡེ་ཚན་མིང་མེན་པས།\n"
@@ -1027,6 +1171,11 @@ msgstr ""
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: ཁྱོད་ཀྱི་ལག་ལེན་པའི་མིང་ གཏན་འབེབས་བཟོ་མི་ཚུགས།\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
 "of a user\n"
@@ -1102,6 +1251,12 @@ msgstr ""
 msgid "%s: only root can use the -g/--group option\n"
 msgstr ""
 
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr ""
 
@@ -1151,6 +1306,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr ""
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr "%s: -s དང་ -r གཉིས་མཐུན་འགྱུར་ཅན་མེན།\n"
@@ -1256,8 +1415,10 @@ msgid ""
 "  -u, --user LOGIN              print lastlog record of the specified LOGIN\n"
 msgstr ""
 
-msgid "Username         Port     From             Latest"
-msgstr "ལག་ལེན་པའི་མིང་         འདྲེན་ལམ་     ལས་             མཇུག་མཐའ།"
+#, fuzzy, c-format
+#| msgid "Username                Port     Latest"
+msgid "Username         Port     From%*sLatest\n"
+msgstr "ལག་ལེན་པའི་མིང་                འདྲེན་ལམ་    མཇུག་མཐའ།"
 
 msgid "Username                Port     Latest"
 msgstr "ལག་ལེན་པའི་མིང་                འདྲེན་ལམ་    མཇུག་མཐའ།"
@@ -1265,10 +1426,22 @@ msgstr "ལག་ལེན་པའི་མིང་                འདྲ
 msgid "**Never logged in**"
 msgstr "**ནམ་ཡང་ནང་བསྐྱོད་མ་འབད་**"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "%s: ཆོག་ཡིག་ཡིག་སྣོད་ དུས་མཐུན་བཟོ་མ་ཚུགས།\n"
@@ -1397,6 +1570,50 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr "ལག་ལེན་པ་: id\n"
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: can't open group file\n"
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr "%s: སྡེ་ཚན་ལྡེ་མིག་ ཁ་ཕྱེ་མི་ཚུགས།\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "%s: ཁེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "%s: ཁེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "%s: ས་སྒོ་ཚུ་རིང་དྲགས་པས།\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་ཐོ་'%s'།\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "ལག་ལེན་: newgrp [-][ སྡེ་ཚན་]\n"
 
@@ -1422,6 +1639,24 @@ msgstr "%s: ལག་ལེན་པ་  %sའདི་ མེད།\n"
 msgid "too many groups\n"
 msgstr "སྡེ་ཚན་མང་དྲགས་པ།\n"
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+msgid "  -b, --badnames                allow bad names\n"
+msgstr ""
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr ""
 
@@ -1461,6 +1696,10 @@ msgstr "%s: ལག་ལེན་པ་  %sའདི་ མེད།\n"
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: གྲལ་ཐིག་ %d: ཆོག་ཡིག་དུས་མཐུན་བཟོ་མི་ཚུགས།\n"
 
+#, fuzzy, c-format
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr "%s: གྲལ་ཐིག་ %d: mkdir འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
 #, fuzzy, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr "%s: གྲལ་ཐིག་ %d: mkdir འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
@@ -1591,7 +1830,7 @@ msgid "%s: repository %s not supported\n"
 msgstr "%s: མཛོད་གནས་ %sའདི་ རྒྱབ་སྐྱོར་མ་འབད་བས།\n"
 
 #, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 
 #, c-format
@@ -1736,9 +1975,11 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
+#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -1751,7 +1992,7 @@ msgstr "%s: %s\n"
 
 #, fuzzy
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1762,6 +2003,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 "ལག་ལེན་: ཟླ་ [གདམ་ཁ་ཚུ་] [ནང་བསྐྱོད་]\n"
 "\n"
@@ -1783,6 +2025,14 @@ msgstr ""
 "%s: %s\n"
 "(སྣང་མེད་བཞག་ཡོདཔ་)\n"
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr "ཁྱོད་ ཟླ་%sལུ་ དབང་སྤྲོད་མ་འབད།\n"
@@ -1847,6 +2097,11 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr ""
 
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "%s: སྔོན་སྒྲིག་ཡིག་སྣོད་གསརཔ་ གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr "%s: སྔོན་སྒྲིག་ཡིག་སྣོད་གསརཔ་ གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
@@ -1875,6 +2130,10 @@ msgstr "%s: སྡེ་ཚན་ '%s' འདི་ ཨེན་ཨའི་ཨ
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: སྡེ་ཚན་མང་རབས་ཅིག་གསལ་བཀོད་འབད་ཡོདཔ་(མང་མཐའ་ %d)།\n"
 
+#, fuzzy, c-format
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr "%s: དུས་མཐུན་སྡེ་ཚན་ནང་ལུ་ དྲན་ཚད་ལས་བརྒལ་བ།\n"
+
 #, fuzzy, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -1884,12 +2143,19 @@ msgid ""
 "Options:\n"
 msgstr "ལག་ལེན་: %s [ཨིན་པུཊི་]\n"
 
+msgid "      --badnames                do not check for bad names\n"
+msgstr ""
+
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
 "the\n"
 "                                new account\n"
 msgstr ""
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr ""
 
@@ -1992,26 +2258,102 @@ msgstr "%s: ནུས་མེད་ཀྱི་ས་སྒོ་ '%s'།\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s: ནུས་མེད་ཤལ་ '%s'།\n"
 
+#, fuzzy, c-format
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: ཉེན་བརྡ་: %s འདི་ %s གིས་ བདག་དབང་བཟུངམ་མེན།\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot rewrite password file\n"
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr "%s: ཆོག་ཡིག་ཡིག་སྣོད་འདི་ ལོག་འབྲི་མི་བཏུབ།\n"
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr ""
 
+#, fuzzy, c-format
+#| msgid "%s: invalid user name '%s'\n"
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr "%s: ནུས་མེད་ལག་ལེན་པའི་མིང་ '%s'།\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr "%s: ཆོག་ཡིག་ཡིག་སྣོད་ དུས་མཐུན་བཟོ་མ་ཚུགས།\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
 #, fuzzy, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s: ཁེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error updating files\n"
+msgid "%s: error while duplicating string %s\n"
+msgstr "%s: ཡིག་སྣོད་དུས་མཐུན་བཟོ་བའི་སྐབས་ལུ་ འཛོལ་བ།\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create directory %s\n"
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr "%s: ནུས་མེད་ཁྱིམ་གྱི་སྣོད་ཐོ་  '%s'།\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "ཡིག་སྒྲོམ་བདག་པོ་སོར་ནི་ལུ་ འཐུས་ཤོར་བྱུང་ཡོདཔ།"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
 
+#, fuzzy, c-format
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr "%s: གྲལ་ཐིག་ %d: chown འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
+#, fuzzy, c-format
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr "%s: གྲལ་ཐིག་ %d: chown འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
+#, fuzzy, c-format
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr "%s: གྲལ་ཐིག་ %d: chown འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr "%s གི་དོན་ལུ་ རྒས་པའི་བརྡ་དོན་བསྒྱུར་བཅོས་འབད་དོ།\n"
+
 msgid "Creating mailbox file"
 msgstr "ཡིག་སྒྲོམ་ཡིག་སྣོད་ གསར་བསྐྲུན་འབད་དོ།"
 
@@ -2023,6 +2365,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "ཡིག་སྒྲོམ་ཡིག་སྣོད་གྱི་གནང་བ་ གཞི་སྒྲིག་འབད་དོ།"
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: ལག་ལེན་པ་ %sཡོདཔ་ཨིན།\n"
@@ -2058,10 +2411,13 @@ msgstr "%s: %sགསར་བསྐྲུན་འབད་མི་ཚུགས
 msgid "%s: can't create subordinate group IDs\n"
 msgstr "%s: %sགསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: warning: the home directory already exists.\n"
+#| "Not copying any file from skel directory into it.\n"
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 "%s: ཉེན་བརྡ་:ཁྱིམ་གྱི་སྣོད་ཐོ་འདི་ཧེ་མ་ལས་རང་ཡོདཔ་ཨིན།\n"
 "འདི་ནང་ལུ་ སི་ཀེལ་སྣོད་ཐོ་ནང་ལས་ ཡིག་སྣོད་ག་ཅི་ཡང་འདྲ་བཤུས་མ་བརྐྱབ་ནི།\n"
@@ -2071,8 +2427,10 @@ msgid "%s: warning: the user name %s to %s SELinux user mapping failed.\n"
 msgstr ""
 
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 
 msgid "  -r, --remove                  remove home directory and mail spool\n"
@@ -2141,6 +2499,11 @@ msgstr "%s: ནུས་མེད་ཁྱིམ་གྱི་སྣོད་
 msgid "%s: not removing directory %s (would remove home of user %s)\n"
 msgstr "%s: སྣོད་ཐོ་ %sའདི་ རྩ་བསྐྲད་གཏང་ནི་མེད་(ལག་ལེན་པ་%sགི་ཁྱིམ་འདི་ རྩ་བསྐྲད་གཏང་འོང་)།\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error removing directory %s\n"
+msgid "%s: error removing subvolume %s\n"
+msgstr "%s: སྣོད་ཐོ་%s རྩ་བསྐྲད་གཏང་པའི་སྐབས་ལུ་ འཛོལ་བ།\n"
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr "%s: སྣོད་ཐོ་%s རྩ་བསྐྲད་གཏང་པའི་སྐབས་ལུ་ འཛོལ་བ།\n"
@@ -2229,6 +2592,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: ལག་ལེན་པ་ %sཡོདཔ་ཨིན།\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "%s: ནུས་མེད་ཚེས་གྲངས་  '%s'།\n"
@@ -2271,6 +2638,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr "%s: སྣོད་ཐོ་ %s གསར་བསྐྲུན་འབད་མི་ཚུགས།\n"
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr ""
@@ -2303,7 +2674,7 @@ msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "%s: ཁེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
 msgstr "%s: ཁེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
 
 #, fuzzy, c-format
@@ -2311,7 +2682,7 @@ msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "%s: ཁེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
 msgstr "%s: ཁེ་དབང་(%s)ཚུ་བཀོག་ནིའི་འཐུས་ཤོར་བྱུང་ཡོདཔ།\n"
 
 #, c-format
@@ -2408,6 +2779,9 @@ msgstr "%s: %sསོར་ཆུད་འབད་མ་ཚུགས་: %s (ཁ
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་ཐོ་'%s'།\n"
 
+#~ msgid "Username         Port     From             Latest"
+#~ msgstr "ལག་ལེན་པའི་མིང་         འདྲེན་ལམ་     ལས་             མཇུག་མཐའ།"
+
 #, fuzzy
 #~| msgid "Usage: %s [input]\n"
 #~ msgid ""
@@ -2663,9 +3037,6 @@ msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་
 #~ "  -r, --remove\t\t\t  ཁྱིམ་གྱི་སྣོད་ཐོ་དང་ཡིག་འཕྲིན་འཕྲལ་གསོག་རྩ་བསྐྲད་གཏང་།\n"
 #~ "\n"
 
-#~ msgid "%s: user %s is currently logged in\n"
-#~ msgstr "%s: ལག་ལེན་པ་  %sའདི་ ད་ལྟོ་རང་ནང་བསྐྱོད་འབད་ཡི།\n"
-
 #, fuzzy
 #~ msgid ""
 #~ "Usage: usermod [options] LOGIN\n"
@@ -2969,9 +3340,6 @@ msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་
 #~ msgid "Cannot lock the password file; try again later.\n"
 #~ msgstr "ཆོག་ཡིག་ཡིག་སྣོད་ ལྡེ་མིག་བརྐྱབ་མི་ཚུགས་ ཤུལ་ལས་ལོག་སྟེ་འབད་རྩོལ་སྐྱེད།\n"
 
-#~ msgid "Cannot open the password file.\n"
-#~ msgstr "ཆོག་ཡིག་ཡིག་སྣོད་ ཁ་ཕྱེ་མི་ཚུགས།\n"
-
 #~ msgid "Error updating the password entry.\n"
 #~ msgstr "ཆོག་ཡིག་ཐོ་བཀོད་དུས་མཐུན་འབདཝ་ད་ལུ་ འཛོལ་བ།\n"
 
@@ -2984,9 +3352,6 @@ msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་
 #~ msgid "%s: can't lock group file\n"
 #~ msgstr "%s: སྡེ་ཚན་ཡིག་སྣོད་ ལྡེ་མིག་བརྐྱབ་མི་ཚུགས།\n"
 
-#~ msgid "%s: can't open group file\n"
-#~ msgstr "%s: སྡེ་ཚན་ལྡེ་མིག་ ཁ་ཕྱེ་མི་ཚུགས།\n"
-
 #~ msgid "%s: can't lock gshadow file\n"
 #~ msgstr "%s: gshadowཡིག་སྣོད་ ལྡེ་མིག་བརྐྱབ་མི་ཚུགས།\n"
 
@@ -3050,9 +3415,6 @@ msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་
 #~ msgid "%s: can't get shadow lock\n"
 #~ msgstr "%s: གྱིབ་མ་ལྡེ་མིག་ལྡེ་མིག་བརྐྱབ་མི་ཚུགས།\n"
 
-#~ msgid "%s: can't open file\n"
-#~ msgstr "%s: ཡིག་སྣོད་ཁ་ཕྱེ་མི་ཚུགས།\n"
-
 #~ msgid "%s: can't re-write shadow file\n"
 #~ msgstr "%s: གྱིབ་མའི་ཡིག་སྣོད་ལོག་འབྲི་མི་ཚུགས།\n"
 
@@ -3203,9 +3565,6 @@ msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་
 #~ msgid "%s: can't open files\n"
 #~ msgstr "%s: ཡིག་སྣོད་ཚུ་ཁ་ཕྱེ་མི་ཚུགས།\n"
 
-#~ msgid "%s: error updating files\n"
-#~ msgstr "%s: ཡིག་སྣོད་དུས་མཐུན་བཟོ་བའི་སྐབས་ལུ་ འཛོལ་བ།\n"
-
 #~ msgid "%s: can't update passwd entry for %s\n"
 #~ msgstr "%s: %sགི་དོན་ལུ་ ཆོག་ཡིག་ཐོ་བཀོད་དུས་མཐུན་བཟོ་མི་ཚུགས།\n"
 
@@ -3237,9 +3596,6 @@ msgstr "%s: ནུས་མེད་གཞི་རྟེན་སྣོད་
 #~ msgid "%s: Out of memory. Cannot update the shadow group database.\n"
 #~ msgstr "%s: དུས་མཐུན་gshadowནང་ལུ་ དྲན་ཚད་ལས་བརྒལ་བ།\n"
 
-#~ msgid "%s: cannot rewrite password file\n"
-#~ msgstr "%s: ཆོག་ཡིག་ཡིག་སྣོད་འདི་ ལོག་འབྲི་མི་བཏུབ།\n"
-
 #~ msgid "%s: cannot rewrite shadow password file\n"
 #~ msgstr "%s: གྱིབ་མའི་ཆོག་ཡིག་ཡིག་སྣོད་འདི་ ལོག་འབྲི་མི་བཏུབ།\n"
 

po/el.po

@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow_po_el\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
 "PO-Revision-Date: 2012-01-21 00:22+0200\n"
 "Last-Translator: Thomas Vasileiou <thomas-v@wildmail.com>\n"
 "Language-Team: Greek <debian-l10n-greek@lists.debian.org>\n"
@@ -57,6 +57,15 @@ msgstr "Συνθηματικό: "
 msgid "%s's Password: "
 msgstr "Του %s το Συνθηματικό: "
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Αδυναμία εγκαθίδρυσης διεπαφής ελέγχου - ματαίωσης.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr "[libsemanage]: %s\n"
@@ -310,10 +319,6 @@ msgstr[1] ""
 "%d αποτυχίες από την τελευταία είσοδο.\n"
 " Η τελευταία ήταν στις %s στο %s.\n"
 
-#, c-format
-msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
-msgstr "%s: Μη έγκυρη διαμόρφωση: GID_MIN (%lu), GID_MAX (%lu)\n"
-
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
@@ -322,22 +327,63 @@ msgstr ""
 "%s: Μη έγκυρη διαμόρφωση: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
 "(%lu)\n"
 
+#, c-format
+msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
+msgstr "%s: Μη έγκυρη διαμόρφωση: GID_MIN (%lu), GID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
+msgstr ""
+
 #, c-format
 msgid "%s: failed to allocate memory: %s\n"
 msgstr "%s: αποτυχία εκχώρησης μνήμης: %s\n"
 
-#, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: αδυναμία λήψης μοναδικού GID συστήματος (δεν υπάρχουν διαθέσιμα GID)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique GID (no more available GIDs)\n"
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgstr "%s: αδυναμία λήψης μοναδικού GID (δεν υπάρχουν διαθέσιμα GID)\n"
+
 #, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s: αδυναμία λήψης μοναδικού GID (δεν υπάρχουν διαθέσιμα GID)\n"
 
-#, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
-msgstr "%s: Μη έγκυρη διαμόρφωση: UID_MIN (%lu), UID_MAX (%lu)\n"
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
+msgstr ""
+"%s: Μη έγκυρη διαμόρφωση: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+"(%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "%s: αδυναμία δημιουργίας του χρήστη\n"
+
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+"%s: Μη έγκυρη διαμόρφωση: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+"(%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "%s: αδυναμία δημιουργίας του χρήστη\n"
 
 #, c-format
 msgid ""
@@ -348,14 +394,76 @@ msgstr ""
 "(%lu)\n"
 
 #, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr "%s: Μη έγκυρη διαμόρφωση: UID_MIN (%lu), UID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: αδυναμία λήψης μοναδικού UID συστήματος (δεν υπάρχουν διαθέσιμα UID)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique UID (no more available UIDs)\n"
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
+msgstr "%s: αδυναμία λήψης μοναδικού UID (δεν υπάρχουν διαθέσιμα UID)\n"
+
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: αδυναμία λήψης μοναδικού UID (δεν υπάρχουν διαθέσιμα UID)\n"
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Authentication failure\n"
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: Αποτυχία εξακρίβωσης\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: invalid field '%s'\n"
+msgid "%s: Invalid map file %s specified\n"
+msgstr "%s: Μη έγκυρο πεδίο '%s'\n"
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not seteuid to %d\n"
+msgstr "Αδυναμία ρύθμισης του ονόματος χρήστη %s\n"
+
+#, fuzzy, c-format
+#| msgid "Could not set name for %s\n"
+msgid "%s: Could not set caps\n"
+msgstr "Αδυναμία ρύθμισης του ονόματος χρήστη %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: can't open file\n"
+msgid "%s: snprintf failed!\n"
+msgstr "%s: αδυναμία ανοίγματος του αρχείου\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: open of %s failed: %s\n"
+msgstr "%s: γραμμή %d: αποτυχία αλλαγής ιδιοκτήτη %s (chown): %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: write to %s failed: %s\n"
+msgstr "%s: γραμμή %d: αποτυχία αλλαγής ιδιοκτήτη %s (chown): %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Πολλές είσοδοι στο σύστημα.\n"
 
@@ -407,6 +515,27 @@ msgstr "passwd: Το συνθηματικό παρέμεινε όπως είχε
 msgid "passwd: password updated successfully\n"
 msgstr "passwd: το συνθηματικό ενημερώθηκε επιτυχώς\n"
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: repository %s not supported\n"
+msgid "%s: conversation type %d not supported.\n"
+msgstr "%s: η αποθήκη %s δεν υποστηρίζεται\n"
+
+#, fuzzy, c-format
+#| msgid "%s: pam_start: error %d\n"
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: pam_start: σφάλμα %d\n"
+
+#, fuzzy, c-format
+#| msgid "passwd: pam_start() failed, error %d\n"
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr "συνθηματικό: pam_start() απέτυχε, σφάλμα %d\n"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Εσφαλμένο συνθηματικό για %s.\n"
@@ -440,6 +569,10 @@ msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr ""
 "%s: αδυναμία αλλαγής του φαινομενικού γονικού καταλόγου (chroot)  %s: %s\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
@@ -448,6 +581,13 @@ msgstr ""
 "Μη έγκυρη τιμή για το ENCRYPT_METHOD: '%s'.\n"
 "Επιλέγεται η προκαθορισμένη DES.\n"
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Αδυναμία αλλαγής καταλόγου στον '%s'\n"
@@ -467,6 +607,15 @@ msgstr "Μη έγκυρος πρωταρχικός κατάλογος '%s'\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "Αδυναμία αλλαγής του πρωταρχικού καταλόγου σε '%s'\n"
 
+#, c-format
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: Ο χρήστης %s βρίσκεται στο σύστημα\n"
+
+#, fuzzy, c-format
+#| msgid "%s: user %s is currently logged in\n"
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: Ο χρήστης %s βρίσκεται στο σύστημα\n"
+
 msgid "Unable to determine your tty name."
 msgstr "Δεν είναι δυνατόν να καθοριστεί το όνομα tty."
 
@@ -501,6 +650,11 @@ msgstr ""
 "  -h, --help                    προβολή αυτού του μηνύματος βοήθειας και "
 "έξοδος\n"
 
+#, fuzzy
+#| msgid "  -g, --group                   edit group database\n"
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr "  -g, --group                   επεξεργασία βάσης δεδομένων ομάδων\n"
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -702,6 +856,10 @@ msgstr "Τηλέφωνο Οικίας"
 msgid "Other"
 msgstr "Άλλο"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr "%s: Πολύ μακριά πεδία\n"
+
 msgid "Cannot change ID to root.\n"
 msgstr "Αδυναμία αλλαγής ταυτότητας χρήστη σε root.\n"
 
@@ -753,10 +911,6 @@ msgstr "%s: '%s' είναι ο κύριος διακομιστής NIS γι'αυ
 msgid "Changing the user information for %s\n"
 msgstr "Αλλαγή πληροφοριών χρήστη για τον %s\n"
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr "%s: Πολύ μακριά πεδία\n"
-
 #, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -783,9 +937,13 @@ msgstr ""
 "  -m, --md5                     κρυπτογράφηση το κειμένου του συνθηματικού\n"
 "                                με χρήση του αλγόριθμου MD5\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
+#| "                                crypt algorithms\n"
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 "  -s, --sha-rounds              αριθμός κύκλων SHA για τους \n"
 "                                 αλγόριθμους κρυπτογράφησης SHA*\n"
@@ -1103,6 +1261,23 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  δημιουργία λογαριασμού συστήματος\n"
 
+#, fuzzy
+#| msgid "  -R, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr ""
+"  -R, --root ΚΑΤΑΛΟΓΟΣ_CHROOT         κατάλογος στον οποίο να εφαρμοστεί "
+"chroot\n"
+
+#, fuzzy
+#| msgid "  -l, --list                    list the members of the group\n"
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr "  -l, --list                    λίστα όλων των μελών της ομάδας\n"
+
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Invalid member username %s\n"
+msgstr "Μη έγκυρο όνομα χρήστη '%s'\n"
+
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: Το '%s' δεν είναι έγκυρο όνομα ομάδας\n"
@@ -1127,6 +1302,11 @@ msgstr "%s: το GID '%lu' υπάρχει\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: Δεν ήταν δυνατή η ρύθμιση της υπηρεσίας εκκαθάρισης.\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 #, fuzzy
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
@@ -1214,6 +1394,23 @@ msgstr "%s: το όνομα της ομάδας σας δεν ταιριάζει
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s:  μόνο ο root μπορεί να χρησιμοποιήσει την επιλογή -g/--group\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -a, --append                  append the user to the supplemental "
+#| "GROUPS\n"
+#| "                                mentioned by the -G option without "
+#| "removing\n"
+#| "                                the user from other groups\n"
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+"  -a, --append                  προσθήκη του χρήστη στις συμπληρωματικές "
+"ΟΜΑΔΕΣ\n"
+"                                που προσδιορίζονται από την επιλογή -G, \n"
+"                                χωρίς να διαγράφεται από τις άλλες ομάδες\n"
+
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr "  -g, --gid GID                 αλλαγή του ID της ομάδας σε GID\n"
 
@@ -1274,6 +1471,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr "  -s, --sort                    ταξινόμηση εγγραφών κατά UID\n"
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr "%s: -s και -r είναι ασύμβατα\n"
@@ -1393,8 +1594,10 @@ msgstr ""
 "  -u, --user ΟΝΟΜΑ              προβολή των εγγραφών του lastlog για το "
 "συγκεκριμένο ΟΝΟΜΑ\n"
 
-msgid "Username         Port     From             Latest"
-msgstr "Όνομα_Χρήστη     Θύρα     Από              Τελευταία"
+#, fuzzy, c-format
+#| msgid "Username                Port     Latest"
+msgid "Username         Port     From%*sLatest\n"
+msgstr "Όνομα_Χρήστη            Θύρα     Τελευταία"
 
 msgid "Username                Port     Latest"
 msgstr "Όνομα_Χρήστη            Θύρα     Τελευταία"
@@ -1402,10 +1605,22 @@ msgstr "Όνομα_Χρήστη            Θύρα     Τελευταία"
 msgid "**Never logged in**"
 msgstr "**Καμιά είσοδος στο σύστημα**"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "%s: Aδυναμία ανάκτησης της εγγραφής UID %lu\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "%s: αδυναμία ανανέωσης αρχείου συνθηματικών\n"
@@ -1535,6 +1750,55 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr "Χρήση: logoutd\n"
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: can't open group file\n"
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr "%s: αδυναμία ανοίγματος του αρχείου ομάδων\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "%s: αποτυχία απομάκρυνσης του %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "%s: αποτυχία απομάκρυνσης του %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to unlock %s\n"
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "%s: Αποτυχία ξεκλειδώματος %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to find tcb directory for %s\n"
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "%s: αποτυχία εύρεσης καταλόγου tcb %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "%s: Αδυναμία δημιουργίας tcb καταλόγου για το χρήστη %s\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Χρήση: newgrp [-] [ομάδα]\n"
 
@@ -1559,6 +1823,26 @@ msgstr "%s: Ο GID '%lu' δεν υπάρχει\n"
 msgid "too many groups\n"
 msgstr "πάρα πολλές ομάδες\n"
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "  -q, --quiet                   quiet mode\n"
+msgid "  -b, --badnames                allow bad names\n"
+msgstr "  -q, --quiet                   σιωπηλή λειτουργία\n"
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  δημιουργία λογαριασμών συστήματος\n"
 
@@ -1601,6 +1885,11 @@ msgstr "%s: γραμμή %d: Ο χρήστης '%s' δεν υπάρχει στο
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: γραμμή %d: αδυναμία ανανέωση συνθηματικού\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: mkdir %s failed: %s\n"
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr "%s: γραμμή %d: αποτυχία δημιουργίας καταλόγου %s (mkdir) : %s\n"
+
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr "%s: γραμμή %d: αποτυχία δημιουργίας καταλόγου %s (mkdir) : %s\n"
@@ -1766,8 +2055,9 @@ msgstr ""
 msgid "%s: repository %s not supported\n"
 msgstr "%s: η αποθήκη %s δεν υποστηρίζεται\n"
 
-#, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+#, fuzzy, c-format
+#| msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr ""
 "%s: ο χρήστης %s δεν είναι εξουσιοδοτημένος να αλλάξει το συνθηματικό του "
 "%s\n"
@@ -1926,9 +2216,11 @@ msgstr "%s: δυσλειτουργία μασκαρίσμος του σήματ
 msgid "Session terminated, terminating shell..."
 msgstr "Συνεδρία τερματίστηκε, τερματισμός φλοιού..."
 
+#, c-format
 msgid " ...killed.\n"
 msgstr " ...σκοτώθηκε.\n"
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -1939,8 +2231,22 @@ msgstr " ...τερματίστηκε.\n"
 msgid "%s: %s\n"
 msgstr "%s: %s\n"
 
+#, fuzzy
+#| msgid ""
+#| "Usage: su [options] [LOGIN]\n"
+#| "\n"
+#| "Options:\n"
+#| "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
+#| "  -h, --help                    display this help message and exit\n"
+#| "  -, -l, --login                make the shell a login shell\n"
+#| "  -m, -p,\n"
+#| "  --preserve-environment        do not reset environment variables, and\n"
+#| "                                keep the same shell\n"
+#| "  -s, --shell SHELL             use SHELL instead of the default in "
+#| "passwd\n"
+#| "\n"
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1951,6 +2257,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 "Χρήση: su [επιλογές] [ΟΝΟΜΑ]\n"
 "\n"
@@ -1974,6 +2281,14 @@ msgstr ""
 "%s: %s\n"
 "(Αγνοήθηκε)\n"
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr "Δεν έχετε άδεια για su %s\n"
@@ -2038,6 +2353,11 @@ msgstr "%s: το %s δημιουργήθηκε, αλλά δεν μπορεί ν
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: η %s διαμόρφωση στο %s θα αγνοηθεί\n"
 
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "%s: αδυναμία δημιουργίας νέου αρχείου προκαθορισμένων ρυθμίσεων\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr "%s: αδυναμία δημιουργίας νέου αρχείου προκαθορισμένων ρυθμίσεων\n"
@@ -2066,6 +2386,11 @@ msgstr "%s: Η ομάδα '%s' είναι NIS ομάδα.\n"
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: Προσδιορίστηκαν υπερβολικές ομάδες (μεγ. %d).\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Out of memory. Cannot update %s.\n"
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr "%s: Δεν υπάρχει ελεύθερη μνήμη. Αδυναμία ενημέρωσης του %s.\n"
+
 #, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -2080,6 +2405,13 @@ msgstr ""
 "\n"
 "Επιλογές:\n"
 
+#, fuzzy
+#| msgid "  -s, --shadow                  edit shadow or gshadow database\n"
+msgid "      --badnames                do not check for bad names\n"
+msgstr ""
+"  -s, --shadow                  επεξεργασία βάσης δεδομένων shadow ή "
+"gshadow\n"
+
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
 "the\n"
@@ -2089,6 +2421,10 @@ msgstr ""
 "του χρήστη γιατον\n"
 "                                καινούργιο λογαριασμό\n"
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr "  -c, --comment ΣΧΟΛΙΟ         πεδίο GECOS του νέου λογαριασμού\n"
 
@@ -2215,26 +2551,114 @@ msgstr "%s: Μη έγκυρο πεδίο '%s'\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s: Μη έγκυρος φλοιός '%s'\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Warning: %s is not executable\n"
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: Προειδοποίηση: το %s δεν είναι εκτελέσιμο\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot rewrite password file\n"
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr "%s: αδυναμία επανεγγραφής του αρχείου συνθηματικών\n"
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s: -Z απαιτεί πυρήνα με ενεργοποιημένο το SELinux\n"
 
+#, fuzzy, c-format
+#| msgid "%s: invalid user name '%s'\n"
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr "%s: μη έγκυρο όνομα χρήστη '%s'\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr "%s: αποτυχία επαναφοράς της καταχώρησης στο faillog του UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr "%s: αποτυχία επαναφοράς της καταχώρησης στο faillog του UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr "%s: αποτυχία επαναφοράς της καταχώρησης στο faillog του UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr "%s: αποτυχία επαναφοράς της καταχώρησης στο lastlog του UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s: αποτυχία επαναφοράς της καταχώρησης στο lastlog του UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr "%s: αποτυχία επαναφοράς της καταχώρησης στο lastlog του UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr "%s: αποτυχία επαναφοράς της καταχώρησης στο faillog του UID %lu: %s\n"
+
 #, fuzzy, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s: αποτυχία προετοιμασίας της νέας εγγραφής %s '%s'\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error updating files\n"
+msgid "%s: error while duplicating string %s\n"
+msgstr "%s: Σφάλμα κατά την ενημέρωση αρχείων\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create directory %s\n"
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "%s: αδυναμία δημιουργίας καταλόγου %s\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: %s home directory (%s) not found\n"
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr "%s: %s ο αρχικός κατάλογος χρήστη (%s) δεν βρέθηκε\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to allocate memory: %s\n"
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "%s: αποτυχία εκχώρησης μνήμης: %s\n"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s: αδυναμία δημιουργίας καταλόγου %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr "%s: γραμμή %d: αποτυχία αλλαγής ιδιοκτήτη %s (chown): %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr "%s: γραμμή %d: αποτυχία αλλαγής ιδιοκτήτη %s (chown): %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr "%s: γραμμή %d: αποτυχία αλλαγής ιδιοκτήτη %s (chown): %s\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Cannot create SELinux login mapping for %s\n"
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr "Αδυναμία δημιουργίας χαρτογράφησης σύνδεσης SELinux για το χρήστη %s\n"
+
 msgid "Creating mailbox file"
 msgstr "Δημιουργία αρχείου mailbox"
 
@@ -2246,6 +2670,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Ρύθμιση αδειών του αρχείου mailbox"
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: Ο χρήστης '%s' υπάρχει ήδη\n"
@@ -2281,10 +2716,13 @@ msgstr "%s: αδυναμία δημιουργίας του χρήστη\n"
 msgid "%s: can't create subordinate group IDs\n"
 msgstr "%s: αδυναμία δημιουργίας ομάδας\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: warning: the home directory already exists.\n"
+#| "Not copying any file from skel directory into it.\n"
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 "%s: προειδοποίηση: ο αρχικός κατάλογος χρήστη υπάρχει ήδη.\n"
 "Δεν έγινε αντιγραφή σε αυτό οποιουδήποτε καταλόγου skel.\n"
@@ -2295,9 +2733,15 @@ msgstr ""
 "%s: προειδοποίηση: απέτυχε η προσθήκη του χρήστη %s  στην χαρτογράφηση "
 "SELinux %s.\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -f, --force                   force removal of files,\n"
+#| "                                even if not owned by user\n"
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 "  -f, --force                   εξαναγκασμένη απομάκρυνση αρχείων,\n"
 "                                ακόμα και εάν ο χρήστης δεν είναι ιδιοκτήτης "
@@ -2379,6 +2823,11 @@ msgstr ""
 "%s: Δεν διαγράφεται ο κατάλογος %s (θα αφαιρούσε τον αρχικό κατάλογο του "
 "χρήστη %s)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error removing directory %s\n"
+msgid "%s: error removing subvolume %s\n"
+msgstr "%s: Σφάλμα κατά την διαγραφή του καταλόγου %s\n"
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr "%s: Σφάλμα κατά την διαγραφή του καταλόγου %s\n"
@@ -2495,6 +2944,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: Ο χρήστης %s υπάρχει ήδη στο %s\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "%s: Μη έγκυρη ημερομηνία '%s'\n"
@@ -2541,6 +2994,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr "%s: Αδυναμία αλλαγής ιδιοκτήτη του αρχικού καταλόγου του χρήστη"
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr ""
@@ -2578,7 +3035,7 @@ msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "%s: αποτυχία προετοιμασίας της νέας εγγραφής %s '%s'\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
 msgstr "%s: αποτυχία προετοιμασίας της νέας εγγραφής %s '%s'\n"
 
 #, fuzzy, c-format
@@ -2586,7 +3043,7 @@ msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "%s: αποτυχία προετοιμασίας της νέας εγγραφής %s '%s'\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
 msgstr "%s: αποτυχία προετοιμασίας της νέας εγγραφής %s '%s'\n"
 
 #, c-format
@@ -2679,6 +3136,9 @@ msgstr "%s: αδυναμία επαναφοράς %s: %s (οι αλλαγές ε
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: αποτυχία εύρεσης καταλόγου tcb %s\n"
 
+#~ msgid "Username         Port     From             Latest"
+#~ msgstr "Όνομα_Χρήστη     Θύρα     Από              Τελευταία"
+
 #~| msgid "Usage: %s [input]\n"
 #~ msgid ""
 #~ "Usage: vipw [options]\n"
@@ -2931,9 +3391,6 @@ msgstr "%s: αποτυχία εύρεσης καταλόγου tcb %s\n"
 #~ msgid "No shell\n"
 #~ msgstr "Δεν υπάρχει φλοιός\n"
 
-#~ msgid "%s: user %s is currently logged in\n"
-#~ msgstr "%s: Ο χρήστης %s βρίσκεται στο σύστημα\n"
-
 #, fuzzy
 #~ msgid ""
 #~ "Usage: usermod [options] LOGIN\n"
@@ -3318,9 +3775,6 @@ msgstr "%s: αποτυχία εύρεσης καταλόγου tcb %s\n"
 #~ msgid "%s: can't lock group file\n"
 #~ msgstr "%s: αδυναμία κλειδώματος του αρχείου ομάδων\n"
 
-#~ msgid "%s: can't open group file\n"
-#~ msgstr "%s: αδυναμία ανοίγματος του αρχείου ομάδων\n"
-
 #, fuzzy
 #~ msgid "%s: can't lock gshadow file\n"
 #~ msgstr "%s: αδυναμία κλειδώματος του αρχείου σκιωδών συνθηματικών\n"
@@ -3391,9 +3845,6 @@ msgstr "%s: αποτυχία εύρεσης καταλόγου tcb %s\n"
 #~ msgstr ""
 #~ "%s: Αδυναμία δημιουργίας κλειδώματος του αρχείου σκιωδών συνθηματικών\n"
 
-#~ msgid "%s: can't open file\n"
-#~ msgstr "%s: αδυναμία ανοίγματος του αρχείου\n"
-
 #~ msgid "%s: can't re-write shadow file\n"
 #~ msgstr "%s: αδυναμία επανεγγραφής αρχείου σκιωδών συνθηματικών\n"
 
@@ -3553,9 +4004,6 @@ msgstr "%s: αποτυχία εύρεσης καταλόγου tcb %s\n"
 #~ msgid "%s: can't open files\n"
 #~ msgstr "%s: αδυναμία ανοίγματος των αρχείων\n"
 
-#~ msgid "%s: error updating files\n"
-#~ msgstr "%s: Σφάλμα κατά την ενημέρωση αρχείων\n"
-
 #~ msgid "%s: can't update passwd entry for %s\n"
 #~ msgstr "%s: αδυναμία ανανέωσης καταχώρησης συνθηματικού για τον %s\n"
 
@@ -3588,9 +4036,6 @@ msgstr "%s: αποτυχία εύρεσης καταλόγου tcb %s\n"
 #~ msgid "%s: Out of memory. Cannot update the shadow group database.\n"
 #~ msgstr "%s:  στο update_gshadow\n"
 
-#~ msgid "%s: cannot rewrite password file\n"
-#~ msgstr "%s: αδυναμία επανεγγραφής του αρχείου συνθηματικών\n"
-
 #~ msgid "%s: cannot rewrite shadow password file\n"
 #~ msgstr "%s: αδυναμία επανεγγραφής του αρχείου σκιωδών συνθηματικών\n"
 

po/es.po

@@ -32,7 +32,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.4.2\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
 "PO-Revision-Date: 2011-11-23 23:56+0100\n"
 "Last-Translator: Francisco Javier Cuadrado <fcocuadrado@gmail.com>\n"
 "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
@@ -81,6 +81,15 @@ msgstr "Contraseña: "
 msgid "%s's Password: "
 msgstr "Contraseña de %s: "
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "No se pudo abrir la interfaz de auditoría, abortando.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr ""
@@ -329,10 +338,6 @@ msgstr[1] ""
 "%d fallos desde el último acceso.\n"
 "El último fue %s en %s.\n"
 
-#, c-format
-msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
-msgstr "%s: configuración incorrecta: GID_MIN (%lu), GID_MAX (%lu)\n"
-
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
@@ -341,23 +346,64 @@ msgstr ""
 "%s: configuración incorrecta: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
 "(%lu)\n"
 
+#, c-format
+msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
+msgstr "%s: configuración incorrecta: GID_MIN (%lu), GID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
+msgstr ""
+
 #, c-format
 msgid "%s: failed to allocate memory: %s\n"
 msgstr "%s: se produjo un fallo al reservar memoria: %s\n"
 
-#, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: no se pudo obtener un GID único del sistema (no hay más GID "
 "disponibles)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique GID (no more available GIDs)\n"
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgstr "%s: no se pudo obtener un GID único (no hay más GID disponibles)\n"
+
 #, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s: no se pudo obtener un GID único (no hay más GID disponibles)\n"
 
-#, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
-msgstr "%s: configuración incorrecta: UID_MIN (%lu), UID_MAX (%lu)\n"
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
+msgstr ""
+"%s: configuración incorrecta: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+"(%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "%s: no se pudo crear el usuario\n"
+
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+#| "(%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+"%s: configuración incorrecta: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
+"(%lu)\n"
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "%s: no se pudo crear el usuario\n"
 
 #, c-format
 msgid ""
@@ -368,15 +414,75 @@ msgstr ""
 "(%lu)\n"
 
 #, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr "%s: configuración incorrecta: UID_MIN (%lu), UID_MAX (%lu)\n"
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: no se pudo obtener un UID único del sistema (no hay más UID "
 "disponibles)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique UID (no more available UIDs)\n"
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
+msgstr "%s: no se pudo obtener un UID único (no hay más UID disponibles)\n"
+
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: no se pudo obtener un UID único (no hay más UID disponibles)\n"
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Authentication failure\n"
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: se produjo un fallo en la autenticación\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: invalid field '%s'\n"
+msgid "%s: Invalid map file %s specified\n"
+msgstr "%s: campo «%s» incorrecto\n"
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Could not seteuid to %d\n"
+msgstr "No se pudo reservar espacio para la información de configuración.\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not set caps\n"
+msgstr "No se pudo reservar espacio para la información de configuración.\n"
+
+#, fuzzy, c-format
+#| msgid "%s: can't open file\n"
+msgid "%s: snprintf failed!\n"
+msgstr "%s: no se puede abrir el fichero\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: open of %s failed: %s\n"
+msgstr "%s: línea %d: chown %s falló: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: write to %s failed: %s\n"
+msgstr "%s: línea %d: chown %s falló: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Demasiados accesos.\n"
 
@@ -428,6 +534,27 @@ msgstr "passwd: no se ha cambiado la contraseña\n"
 msgid "passwd: password updated successfully\n"
 msgstr "passwd: contraseña actualizada correctamente\n"
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: repository %s not supported\n"
+msgid "%s: conversation type %d not supported.\n"
+msgstr "%s: repositorio %s no soportado\n"
+
+#, fuzzy, c-format
+#| msgid "%s: pam_start: error %d\n"
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: pam_start: error %d\n"
+
+#, fuzzy, c-format
+#| msgid "passwd: pam_start() failed, error %d\n"
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr "passwd: pam_start() falló, error %d\n"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "Contraseña incorrecta para %s.\n"
@@ -460,6 +587,10 @@ msgstr "%s: no se pudo crear el directorio %s: %s\n"
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: se produjo un fallo al crear el directorio tcb para %s\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
@@ -468,6 +599,13 @@ msgstr ""
 "El valor de ENCRYPT_METHOD no es válido: «%s».\n"
 "Se usará DES, el valor predeterminado.\n"
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Incapaz de cambiar el directorio a «%s»\n"
@@ -487,6 +625,15 @@ msgstr "Directorio raíz «%s» incorrecto\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "No se pudo cambiar el directorio raíz a «%s»\n"
 
+#, c-format
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: el usuario %s está actualmente identificado en el sistema\n"
+
+#, fuzzy, c-format
+#| msgid "%s: user %s is currently logged in\n"
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: el usuario %s está actualmente identificado en el sistema\n"
+
 msgid "Unable to determine your tty name."
 msgstr "No se pudo determinar el nombre de su tty."
 
@@ -519,6 +666,11 @@ msgid "  -h, --help                    display this help message and exit\n"
 msgstr ""
 "  -h, --help                    muestra este mensaje de ayuda y termina\n"
 
+#, fuzzy
+#| msgid "  -g, --group                   edit group database\n"
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr "  -g, --group                   edita la base de datos del grupo\n"
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -711,6 +863,10 @@ msgstr "Teléfono de casa"
 msgid "Other"
 msgstr "Otro"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr "%s: campos demasiado largos\n"
+
 msgid "Cannot change ID to root.\n"
 msgstr ""
 "No se puede cambiar el identificador al usuario del administrador («root»).\n"
@@ -763,10 +919,6 @@ msgstr "%s: «%s» es el NIS maestro para este cliente.\n"
 msgid "Changing the user information for %s\n"
 msgstr "Cambiando la información de usuario para %s\n"
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr "%s: campos demasiado largos\n"
-
 #, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -792,9 +944,13 @@ msgstr ""
 "  -m, --md5                     cifra la contraseña en claro utilizando\n"
 "                                el algoritmo MD5\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
+#| "                                crypt algorithms\n"
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 "  -s, --sha-rounds              número de rondas SHA para los algoritmos\n"
 "                                de cifrado SHA*\n"
@@ -1110,6 +1266,19 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  crea una cuenta del sistema\n"
 
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "  -l, --list                    list the members of the group\n"
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr "  -l, --list                    lista los miembros del grupo\n"
+
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Invalid member username %s\n"
+msgstr "nombre de usuario «%s» incorrecto\n"
+
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: «%s» no es un nombre de grupo válido\n"
@@ -1134,6 +1303,11 @@ msgstr "%s: el GID «%lu» ya existe\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: no se pudo determinar su nombre de usuario.\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 #, fuzzy
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
@@ -1221,6 +1395,18 @@ msgstr "%s: su nombre de grupo no coincide con su nombre de usuario\n"
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s: sólo el administrador puede utilizar la opción -g/--group\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -l, --no-log-init             do not add the user to the lastlog and\n"
+#| "                                faillog databases\n"
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+"  -l, --no-log-init             no añade el usuario a las bases de datos de\n"
+"                                lastlog y faillog\n"
+
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr ""
 "  -g, --gid GID                 cambia el identificador del grupo a GID\n"
@@ -1280,6 +1466,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr ""
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr "%s: -s y -r son incompatibles\n"
@@ -1400,8 +1590,10 @@ msgstr ""
 "  -u, --user USUARIO            muestra el registro de «lastlog» del "
 "USUARIO\n"
 
-msgid "Username         Port     From             Latest"
-msgstr "Nombre           Puerto   De               Último"
+#, fuzzy, c-format
+#| msgid "Username                Port     Latest"
+msgid "Username         Port     From%*sLatest\n"
+msgstr "Nombre                  Puerto   Último"
 
 msgid "Username                Port     Latest"
 msgstr "Nombre                  Puerto   Último"
@@ -1409,10 +1601,22 @@ msgstr "Nombre                  Puerto   Último"
 msgid "**Never logged in**"
 msgstr "**Nunca ha accedido**"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "%s: Se produjo un fallo al conseguir la entrada para el UID %lu\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "%s: no puedo actualizar el fichero de contraseñas\n"
@@ -1539,6 +1743,55 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr "Modo de uso: logout\n"
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: can't open group file\n"
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr "%s: no se puede abrir el fichero de grupos\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "%s: se produjo un fallo al eliminar %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "%s: se produjo un fallo al eliminar %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to unlock %s\n"
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "%s: se produjo un fallo al desbloquear %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to find tcb directory for %s\n"
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: Failed to create tcb directory for %s\n"
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "%s: se produjo un fallo al crear el directorio tcb para %s\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Modo de uso: newgrp [-] [grupo]\n"
 
@@ -1563,6 +1816,26 @@ msgstr "%s: el GID «%lu» no existe\n"
 msgid "too many groups\n"
 msgstr "demasiados grupos\n"
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "  -q, --quiet                   quiet mode\n"
+msgid "  -b, --badnames                allow bad names\n"
+msgstr "  -q, --quiet                   modo silencioso\n"
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  crea cuentas del sistema\n"
 
@@ -1604,6 +1877,11 @@ msgstr "%s: línea %d: el usuario «%s» no existe en %s\n"
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: línea %d: no se puede actualizar la contraseña\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: mkdir %s failed: %s\n"
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr "%s: línea %d: mkdir %s falló: %s\n"
+
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr "%s: línea %d: mkdir %s falló: %s\n"
@@ -1761,8 +2039,9 @@ msgstr ""
 msgid "%s: repository %s not supported\n"
 msgstr "%s: repositorio %s no soportado\n"
 
-#, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+#, fuzzy, c-format
+#| msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s no está autorizado a cambiar la contraseña de %s\n"
 
 #, c-format
@@ -1919,9 +2198,11 @@ msgstr "%s: funcionamiento incorrecto del enmascaramiento de la señal\n"
 msgid "Session terminated, terminating shell..."
 msgstr "Sesión finalizada, parando la consola ..."
 
+#, c-format
 msgid " ...killed.\n"
 msgstr " ... finalizado.\n"
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr " ... esperando a que el hijo finalice.\n"
 
@@ -1932,8 +2213,22 @@ msgstr " ... parada.\n"
 msgid "%s: %s\n"
 msgstr "%s: %s\n"
 
+#, fuzzy
+#| msgid ""
+#| "Usage: su [options] [LOGIN]\n"
+#| "\n"
+#| "Options:\n"
+#| "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
+#| "  -h, --help                    display this help message and exit\n"
+#| "  -, -l, --login                make the shell a login shell\n"
+#| "  -m, -p,\n"
+#| "  --preserve-environment        do not reset environment variables, and\n"
+#| "                                keep the same shell\n"
+#| "  -s, --shell SHELL             use SHELL instead of the default in "
+#| "passwd\n"
+#| "\n"
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1944,6 +2239,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 "Modo de uso: su [opciones] [USUARIO]\n"
 "\n"
@@ -1967,6 +2263,14 @@ msgstr ""
 "%s: %s\n"
 "(Ignorado)\n"
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr "No está autorizado a usar su %s\n"
@@ -2032,6 +2336,12 @@ msgstr "%s: se creó %s, pero no se pudo eliminar\n"
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: se ignorará la configuración %s en %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr ""
+"%s: no se puede crear un nuevo fichero de preferencias predeterminadas\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr ""
@@ -2062,6 +2372,11 @@ msgstr "%s: el grupo «%s» es un grupo NIS.\n"
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: demasiados grupos especificados (el máximo es %d).\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Out of memory. Cannot update %s.\n"
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr "%s: sin memoria. No se pudo actualizar %s.\n"
+
 #, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -2076,6 +2391,12 @@ msgstr ""
 "\n"
 "Opciones:\n"
 
+#, fuzzy
+#| msgid "  -s, --shadow                  edit shadow or gshadow database\n"
+msgid "      --badnames                do not check for bad names\n"
+msgstr ""
+"  -s, --shadow                  edita la base de datos shadow o gshadow\n"
+
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
 "the\n"
@@ -2084,6 +2405,10 @@ msgstr ""
 "  -b, --base-dir DIR_BASE       directorio base para el directorio personal\n"
 "                                de la nueva cuenta\n"
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr "  -c, --comment COMENTARIO      campo GECOS de la nueva cuenta\n"
 
@@ -2215,28 +2540,120 @@ msgstr "%s: campo «%s» incorrecto\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s: consola «%s» incorrecta\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Warning: %s is not executable\n"
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: aviso: %s no es un ejecutable\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot rewrite password file\n"
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr "%s: no se puede reescribir el fichero de contraseñas\n"
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s: -Z necesita que el núcleo tenga activado SELinux\n"
 
+#, fuzzy, c-format
+#| msgid "%s: invalid user name '%s'\n"
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr "%s: nombre de usuario «%s» incorrecto\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr ""
+"%s: se produjo un fallo al reiniciar la entrada de faillog del UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr ""
 "%s: se produjo un fallo al reiniciar la entrada de faillog del UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr ""
+"%s: se produjo un fallo al reiniciar la entrada de faillog del UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr ""
+"%s: se produjo un fallo al reiniciar la entrada de lastlog del UID %lu: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr ""
 "%s: se produjo un fallo al reiniciar la entrada de lastlog del UID %lu: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr ""
+"%s: se produjo un fallo al reiniciar la entrada de lastlog del UID %lu: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr ""
+"%s: se produjo un fallo al reiniciar la entrada de faillog del UID %lu: %s\n"
+
 #, fuzzy, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s: se produjo un fallo al preparar la nueva %s entrada «%s»\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error updating files\n"
+msgid "%s: error while duplicating string %s\n"
+msgstr "%s: error actualizando los ficheros\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create directory %s\n"
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "%s: no se puede crear el directorio %s\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: %s home directory (%s) not found\n"
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr "%s: %s directorio personal (%s) no encontrado\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to allocate memory: %s\n"
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "%s: se produjo un fallo al reservar memoria: %s\n"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s: no se puede crear el directorio %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr "%s: línea %d: chown %s falló: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr "%s: línea %d: chown %s falló: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr "%s: línea %d: chown %s falló: %s\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr "Cambiando la información de la edad para %s\n"
+
 msgid "Creating mailbox file"
 msgstr "Creando el fichero del buzón de correo"
 
@@ -2249,6 +2666,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Estableciendo los permisos del fichero del buzón de correo"
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: el usuario «%s» ya existe\n"
@@ -2283,10 +2711,13 @@ msgstr "%s: no se pudo crear el usuario\n"
 msgid "%s: can't create subordinate group IDs\n"
 msgstr "%s: no se puede crear el grupo\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: warning: the home directory already exists.\n"
+#| "Not copying any file from skel directory into it.\n"
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 "%s: aviso: el directorio personal ya existe.\n"
 "No se va a copiar ningún fichero del directorio «skel» en él.\n"
@@ -2297,9 +2728,15 @@ msgstr ""
 "%s: aviso: no se pudo relacionar el nombre del usuario %s con el usuario %s "
 "de SELinux.\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -f, --force                   force removal of files,\n"
+#| "                                even if not owned by user\n"
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 "  -f, --force                   forzar la eliminación de los ficheros,\n"
 "                                incluso si no pertenecen al usuario\n"
@@ -2377,6 +2814,11 @@ msgstr ""
 "%s: no se elimina el directorio %s (eliminaría el directorio personal del "
 "usuario %s)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error removing directory %s\n"
+msgid "%s: error removing subvolume %s\n"
+msgstr "%s: error eliminando el directorio %s\n"
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr "%s: error eliminando el directorio %s\n"
@@ -2488,6 +2930,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: el usuario «%s» ya existe en %s\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "%s: fecha «%s» incorrecta\n"
@@ -2532,6 +2978,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr "%s: se produjo un fallo al cambiar el dueño del directorio personal"
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr ""
@@ -2568,7 +3018,7 @@ msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "%s: se produjo un fallo al preparar la nueva %s entrada «%s»\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
 msgstr "%s: se produjo un fallo al preparar la nueva %s entrada «%s»\n"
 
 #, fuzzy, c-format
@@ -2576,7 +3026,7 @@ msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "%s: se produjo un fallo al preparar la nueva %s entrada «%s»\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
 msgstr "%s: se produjo un fallo al preparar la nueva %s entrada «%s»\n"
 
 #, c-format
@@ -2669,6 +3119,9 @@ msgstr "%s: no se puede restaurar %s: %s (sus cambios están en %s)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
 
+#~ msgid "Username         Port     From             Latest"
+#~ msgstr "Nombre           Puerto   De               Último"
+
 #~ msgid "  -c, --crypt-method            the crypt method (one of %s)\n"
 #~ msgstr "  -c, --crypt-method            el método de cifrado (uno de %s)\n"
 
@@ -2944,9 +3397,6 @@ msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
 #~ "                                correo\n"
 #~ "\n"
 
-#~ msgid "%s: user %s is currently logged in\n"
-#~ msgstr "%s: el usuario %s está actualmente identificado en el sistema\n"
-
 #~ msgid ""
 #~ "Usage: usermod [options] LOGIN\n"
 #~ "\n"
@@ -3320,9 +3770,6 @@ msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
 #~ msgid "%s: can't lock group file\n"
 #~ msgstr "%s: no se puede bloquear el fichero de grupos\n"
 
-#~ msgid "%s: can't open group file\n"
-#~ msgstr "%s: no se puede abrir el fichero de grupos\n"
-
 #~ msgid "%s: can't lock gshadow file\n"
 #~ msgstr "%s: no se puede abrir el fichero de contraseñas ocultas (shadow)\n"
 
@@ -3387,9 +3834,6 @@ msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
 #~ msgid "%s: can't get shadow lock\n"
 #~ msgstr "%s: no se puede obtener el bloqueo de shadow\n"
 
-#~ msgid "%s: can't open file\n"
-#~ msgstr "%s: no se puede abrir el fichero\n"
-
 #~ msgid "%s: can't re-write shadow file\n"
 #~ msgstr "%s: no se puede reescribir el fichero oculto (shadow)\n"
 
@@ -3540,9 +3984,6 @@ msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
 #~ msgid "%s: can't open files\n"
 #~ msgstr "%s: no se pueden abrir los ficheros\n"
 
-#~ msgid "%s: error updating files\n"
-#~ msgstr "%s: error actualizando los ficheros\n"
-
 #~ msgid "%s: can't update passwd entry for %s\n"
 #~ msgstr "%s: no se puede actualizar la entrada de la contraseña para %s\n"
 
@@ -3575,9 +4016,6 @@ msgstr "%s: se produjo un fallo al buscar el directorio tcb de %s\n"
 #~ msgid "%s: Out of memory. Cannot update the shadow group database.\n"
 #~ msgstr "%s: sin memoria en update_gshadow\n"
 
-#~ msgid "%s: cannot rewrite password file\n"
-#~ msgstr "%s: no se puede reescribir el fichero de contraseñas\n"
-
 #~ msgid "%s: cannot rewrite shadow password file\n"
 #~ msgstr ""
 #~ "%s: no se puede reescribir el fichero de contraseñas ocultas (shadow)\n"

po/eu.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: eu\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
-"POT-Creation-Date: 2016-09-18 14:03-0500\n"
+"POT-Creation-Date: 2021-07-04 12:20+0200\n"
 "PO-Revision-Date: 2011-11-26 19:42+0100\n"
 "Last-Translator: Piarres Beobide <pi@beobide.net>\n"
 "Language-Team: Euskara <debian-l10n-eu@lists.debian.org>\n"
@@ -57,6 +57,15 @@ msgstr "Pasahitza: "
 msgid "%s's Password: "
 msgstr "%s (r)en pasahitza: "
 
+#, fuzzy
+#| msgid "Cannot open audit interface - aborting.\n"
+msgid "Cannot open audit interface.\n"
+msgstr "Ezin da auditatzeko interfazea ireki - uzten.\n"
+
+#, c-format
+msgid "%s: can not get previous SELinux process context: %s\n"
+msgstr ""
+
 #, c-format
 msgid "[libsemanage]: %s\n"
 msgstr ""
@@ -301,14 +310,18 @@ msgstr[1] ""
 "%d hutsegite azken saio hasieratik.\n"
 "Azkena %s izan zen %s(e)n.\n"
 
+#, c-format
+msgid ""
+"%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
+"(%lu)\n"
+msgstr ""
+
 #, c-format
 msgid "%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"
 msgstr ""
 
 #, c-format
-msgid ""
-"%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX "
-"(%lu)\n"
+msgid "%s: Encountered error attempting to use preferred GID: %s\n"
 msgstr ""
 
 #, fuzzy, c-format
@@ -316,18 +329,40 @@ msgid "%s: failed to allocate memory: %s\n"
 msgstr "huts egin du postontzia jabez aldatzean"
 
 #, fuzzy, c-format
-msgid "%s: Can't get unique system GID (no more available GIDs)\n"
+msgid ""
+"%s: Can't get unique system GID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: Ezin da sistema UID bakarra lortu (ez dago UID erabilgarri gehiago)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique GID (no more available GIDs)\n"
+msgid "%s: Can't get unique GID (%s). Suppressing additional messages.\n"
+msgstr "%s: Ezin da GID bakarra lortu (ez dago GID erabilgarri gehiago)\n"
+
 #, c-format
 msgid "%s: Can't get unique GID (no more available GIDs)\n"
 msgstr "%s: Ezin da GID bakarra lortu (ez dago GID erabilgarri gehiago)\n"
 
 #, c-format
-msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgid ""
+"%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu), "
+"SUB_GID_COUNT (%lu)\n"
 msgstr ""
 
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate GID range\n"
+msgstr "%s: ezin da erabiltzailea sortu\n"
+
+#, c-format
+msgid ""
+"%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu), "
+"SUB_UID_COUNT (%lu)\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Can't get unique subordinate UID range\n"
+msgstr "%s: ezin da erabiltzailea sortu\n"
+
 #, c-format
 msgid ""
 "%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX "
@@ -335,14 +370,73 @@ msgid ""
 msgstr ""
 
 #, c-format
-msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid "%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"
+msgstr ""
+
+#, c-format
+msgid "%s: Encountered error attempting to use preferred UID: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique system UID (no more available UIDs)\n"
+msgid ""
+"%s: Can't get unique system UID (%s). Suppressing additional messages.\n"
 msgstr ""
 "%s: Ezin da sistema UID bakarra lortu (ez dago UID erabilgarri gehiago)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Can't get unique UID (no more available UIDs)\n"
+msgid "%s: Can't get unique UID (%s). Suppressing additional messages.\n"
+msgstr "%s: ezin da UID bakarra lortu (ez dago UID erabilgarri gehiago)\n"
+
 #, c-format
 msgid "%s: Can't get unique UID (no more available UIDs)\n"
 msgstr "%s: ezin da UID bakarra lortu (ez dago UID erabilgarri gehiago)\n"
 
+#, c-format
+msgid "%s: Not enough arguments to form %u mappings\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: Authentication failure\n"
+msgid "%s: Memory allocation failure\n"
+msgstr "%s: ¡autentifikazio errorea\n"
+
+#, c-format
+msgid "%s: subuid overflow detected.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: invalid field '%s'\n"
+msgid "%s: Invalid map file %s specified\n"
+msgstr "%s: '%s' eremu baliogabea\n"
+
+#, c-format
+msgid "%s: Could not prctl(PR_SET_KEEPCAPS)\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: Could not seteuid to %d\n"
+msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not set caps\n"
+msgstr "Ezin izan da lekua esleitu, konfigurazioaren informaziorako.\n"
+
+#, c-format
+msgid "%s: snprintf failed!\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: open of %s failed: %s\n"
+msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: write to %s failed: %s\n"
+msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
+
 msgid "Too many logins.\n"
 msgstr "Gehiegizko saio hasierak.\n"
 
@@ -394,6 +488,27 @@ msgstr "passwd: pasahitza ez da aldatu\n"
 msgid "passwd: password updated successfully\n"
 msgstr "passwd: pasahitza ongi eguneratu da\n"
 
+#, c-format
+msgid "%s: PAM modules requesting echoing are not supported.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: repository %s not supported\n"
+msgid "%s: conversation type %d not supported.\n"
+msgstr "%s: %s biltegia ez da onartzen\n"
+
+#, fuzzy, c-format
+#| msgid "%s: pam_start: error %d\n"
+msgid "%s: (user %s) pam_start failure %d\n"
+msgstr "%s: pam_start: %d errorea\n"
+
+#, fuzzy, c-format
+#| msgid "passwd: pam_start() failed, error %d\n"
+msgid ""
+"%s: (user %s) pam_chauthtok() failed, error:\n"
+"%s\n"
+msgstr "passwd: pam_start() huts egin du, errorea: %d\n"
+
 #, c-format
 msgid "Incorrect password for %s.\n"
 msgstr "%s(r)en pasahitz okerra.\n"
@@ -426,6 +541,10 @@ msgstr "%s: ezin da %s direktorioa sortu\n"
 msgid "%s: unable to chroot to directory %s: %s\n"
 msgstr "%s: ezin da %s direktorioa sortu\n"
 
+#, c-format
+msgid "Unable to obtain random bytes.\n"
+msgstr ""
+
 #, c-format
 msgid ""
 "Invalid ENCRYPT_METHOD value: '%s'.\n"
@@ -434,6 +553,13 @@ msgstr ""
 "ENCRYPT_METHOD balio baliogabea: '%s'.\n"
 "DES-era lehenesten.\n"
 
+#, c-format
+msgid ""
+"Unable to generate a salt from setting \"%s\", check your settings in "
+"ENCRYPT_METHOD and the corresponding configuration for your selected hash "
+"method.\n"
+msgstr ""
+
 #, c-format
 msgid "Unable to cd to '%s'\n"
 msgstr "Ezin da '%s'-ra direktorioa aldatu\n"
@@ -453,6 +579,15 @@ msgstr "Baliogabeko erro direktorioa '%s'\n"
 msgid "Can't change root directory to '%s'\n"
 msgstr "Ezin da erro direktorioa '%s'-ra aldatu\n"
 
+#, c-format
+msgid "%s: user %s is currently logged in\n"
+msgstr "%s: une honetan %s erabiltzaileak saioan sartuta dago\n"
+
+#, fuzzy, c-format
+#| msgid "%s: user %s is currently logged in\n"
+msgid "%s: user %s is currently used by process %d\n"
+msgstr "%s: une honetan %s erabiltzaileak saioan sartuta dago\n"
+
 msgid "Unable to determine your tty name."
 msgstr "Ezin da zure tty izena zehaztu."
 
@@ -485,6 +620,11 @@ msgid "  -h, --help                    display this help message and exit\n"
 msgstr ""
 "  -h, --help                    laguntza mezu hau bistarazi eta irten\n"
 
+#, fuzzy
+#| msgid "  -g, --group                   edit group database\n"
+msgid "  -i, --iso8601                 use YYYY-MM-DD when printing dates\n"
+msgstr "  -g, --group                   talde datu-basea editatu\n"
+
 msgid ""
 "  -I, --inactive INACTIVE       set password inactive after expiration\n"
 "                                to INACTIVE\n"
@@ -673,6 +813,10 @@ msgstr "Etxeko telefonoa"
 msgid "Other"
 msgstr "Bestelakoa"
 
+#, c-format
+msgid "%s: fields too long\n"
+msgstr "%s: eremu luzegiak\n"
+
 msgid "Cannot change ID to root.\n"
 msgstr "Ezin izan da IDa root-era aldatu.\n"
 
@@ -724,10 +868,6 @@ msgstr "%s: '%s' da bezero honen NIS nagusia.\n"
 msgid "Changing the user information for %s\n"
 msgstr "%s(r)en erabiltzaile informazioa aldatzen\n"
 
-#, c-format
-msgid "%s: fields too long\n"
-msgstr "%s: eremu luzegiak\n"
-
 #, c-format
 msgid ""
 "Usage: %s [options]\n"
@@ -752,9 +892,13 @@ msgstr ""
 "  -m, --md5                     zifratu testu laueko pasahitza MD5\n"
 "                                algoritmoa erabiliaz\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
+#| "                                crypt algorithms\n"
 msgid ""
-"  -s, --sha-rounds              number of SHA rounds for the SHA*\n"
-"                                crypt algorithms\n"
+"  -s, --sha-rounds              number of rounds for the SHA, BCRYPT\n"
+"                                or YESCRYPT crypt algorithms\n"
 msgstr ""
 "  -s, --sha-rounds              SHA* kriptografia algoritmoentzako\n"
 "                                SHA erronda kopurua\n"
@@ -1061,6 +1205,21 @@ msgstr ""
 msgid "  -r, --system                  create a system account\n"
 msgstr "  -r, --system                  sistema kontu bat sortu\n"
 
+#, fuzzy
+#| msgid "  -Q, --root CHROOT_DIR         directory to chroot into\n"
+msgid "  -P, --prefix PREFIX_DI        directory prefix\n"
+msgstr "  -r, --remove-password         TALDEaren pasahitaz kendu\n"
+
+#, fuzzy
+#| msgid "  -l, --list                    list the members of the group\n"
+msgid "  -U, --users USERS             list of user members of this group\n"
+msgstr "  -l, --list                    taldearen partaideak zerrendatu\n"
+
+#, fuzzy, c-format
+#| msgid "invalid user name '%s'\n"
+msgid "Invalid member username %s\n"
+msgstr "%s erabiltzaile-izen baliogabea\n"
+
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
 msgstr "%s: '%s' ez da baliozko talde-izena\n"
@@ -1085,6 +1244,11 @@ msgstr "%s: '%lu' GIDa badago dagoeneko\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: Ezin da Erabiltzaile izena zehaztu.\n"
 
+msgid ""
+"  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/"
+"* files\n"
+msgstr ""
+
 #, fuzzy
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
@@ -1173,6 +1337,22 @@ msgstr "%s: zure talde-izena ez da erabiltzaile-izenaren berdina\n"
 msgid "%s: only root can use the -g/--group option\n"
 msgstr "%s: root-ek bakarrik erabili dezake -g/--group aukera\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -a, --append                  append the user to the supplemental "
+#| "GROUPS\n"
+#| "                                mentioned by the -G option without "
+#| "removing\n"
+#| "                                the user from other groups\n"
+msgid ""
+"  -a, --append                  append the users mentioned by -U option to "
+"the group \n"
+"                                without removing existing user members\n"
+msgstr ""
+"  -a, --append                  gehitu erabiltzailea -G aukerak zehaztutako "
+"talde\n"
+"                                gehigarrietara beste taldeetatik kendu gabe\n"
+
 #, fuzzy
 msgid "  -g, --gid GID                 change the group ID to GID\n"
 msgstr "  -r, --system                  sortu sistema kontuak\n"
@@ -1229,6 +1409,10 @@ msgstr ""
 msgid "  -s, --sort                    sort entries by UID\n"
 msgstr ""
 
+msgid ""
+"  -S, --silence-warnings        silence controversial/paranoid warnings\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -s and -r are incompatible\n"
 msgstr "%s: -s eta -r ezin dira batera erabili\n"
@@ -1348,8 +1532,10 @@ msgstr ""
 "  -u, --user IZENA              IZENA duen erabiltzailearen lastlog\n"
 "                                erregistroa bistaratzen du\n"
 
-msgid "Username         Port     From             Latest"
-msgstr "Erabiltzaile-izena        Ataka      Nondik           Azkena"
+#, fuzzy, c-format
+#| msgid "Username                Port     Latest"
+msgid "Username         Port     From%*sLatest\n"
+msgstr "Erabiltzaile-izena           Ataka          Azkena"
 
 msgid "Username                Port     Latest"
 msgstr "Erabiltzaile-izena           Ataka          Azkena"
@@ -1357,10 +1543,22 @@ msgstr "Erabiltzaile-izena           Ataka          Azkena"
 msgid "**Never logged in**"
 msgstr "**Inoiz ez du saiorik hasi**"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthe output might be incorrect.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
 msgstr "%s: Huts %lu UIDaren sarrera eskuratzean\n"
 
+#, c-format
+msgid ""
+"%s: Selected uid(s) are higher than LASTLOG_UID_MAX (%lu),\n"
+"\tthey will not be updated.\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: Failed to update the lastlog file\n"
 msgstr "%s: huts %lu UIDaren lastlog sarrera berrezartzean: %s\n"
@@ -1490,6 +1688,52 @@ msgstr ""
 msgid "Usage: logoutd\n"
 msgstr "Erabilera: logoutd\n"
 
+#, c-format
+msgid "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <gid> <lowergid> <count> [ <gid> <lowergid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid "%s: kernel doesn't support setgroups restrictions\n"
+msgstr ""
+
+#, c-format
+msgid "%s: couldn't open process setgroups: %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to read setgroups: %s\n"
+msgstr "%s: huts %s kentzerakoan\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to remove %s\n"
+msgid "%s: failed to seek setgroups: %s\n"
+msgstr "%s: huts %s kentzerakoan\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to unlock %s\n"
+msgid "%s: failed to setgroups %s policy: %s\n"
+msgstr "%s: huts %s desblokeatzean\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not open proc directory for target %u\n"
+msgstr "%s: oinarrizko '%s' direktorio baliogabea\n"
+
+#, fuzzy, c-format
+msgid "%s: Could not stat directory for target %u\n"
+msgstr "%s: ezin da %s direktorioa sortu\n"
+
+#, c-format
+msgid ""
+"%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, "
+"gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
 msgid "Usage: newgrp [-] [group]\n"
 msgstr "Erabilera: newgrp [-] [taldea]\n"
 
@@ -1514,6 +1758,26 @@ msgstr "%s: `%lu' GIDa ez da existitzen\n"
 msgid "too many groups\n"
 msgstr "talde gehiegi\n"
 
+#, c-format
+msgid "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"usage: %s <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... \n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu "
+"st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n"
+msgstr ""
+
+#, fuzzy
+#| msgid "  -q, --quiet                   quiet mode\n"
+msgid "  -b, --badnames                allow bad names\n"
+msgstr "  -q, --quiet                   ixilik modua\n"
+
 msgid "  -r, --system                  create system accounts\n"
 msgstr "  -r, --system                  sortu sistema kontuak\n"
 
@@ -1555,6 +1819,11 @@ msgstr "%s: %d lerroa: `%s' erabiltzailea ez da existitzen %s-en\n"
 msgid "%s: line %d: can't update password\n"
 msgstr "%s: %d lerroa: ezin da pasahitza eguneratu\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: mkdir %s failed: %s\n"
+msgid "%s: line %d: homedir must be an absolute path\n"
+msgstr "%s: %d lerroa: mkdir %s-ek huts egin du: %s\n"
+
 #, c-format
 msgid "%s: line %d: mkdir %s failed: %s\n"
 msgstr "%s: %d lerroa: mkdir %s-ek huts egin du: %s\n"
@@ -1707,8 +1976,9 @@ msgstr ""
 msgid "%s: repository %s not supported\n"
 msgstr "%s: %s biltegia ez da onartzen\n"
 
-#, c-format
-msgid "%s: %s is not authorized to change the password of %s\n"
+#, fuzzy, c-format
+#| msgid "%s: %s is not authorized to change the password of %s\n"
+msgid "%s: root is not authorized by SELinux to change the password of %s\n"
 msgstr "%s: %s ez dago %s-ren pasahitza aldatzeko baimendurik\n"
 
 #, c-format
@@ -1862,9 +2132,11 @@ msgstr ""
 msgid "Session terminated, terminating shell..."
 msgstr ""
 
+#, c-format
 msgid " ...killed.\n"
 msgstr ""
 
+#, c-format
 msgid " ...waiting for child to terminate.\n"
 msgstr ""
 
@@ -1875,8 +2147,22 @@ msgstr ""
 msgid "%s: %s\n"
 msgstr "%s: %s\n"
 
+#, fuzzy
+#| msgid ""
+#| "Usage: su [options] [LOGIN]\n"
+#| "\n"
+#| "Options:\n"
+#| "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
+#| "  -h, --help                    display this help message and exit\n"
+#| "  -, -l, --login                make the shell a login shell\n"
+#| "  -m, -p,\n"
+#| "  --preserve-environment        do not reset environment variables, and\n"
+#| "                                keep the same shell\n"
+#| "  -s, --shell SHELL             use SHELL instead of the default in "
+#| "passwd\n"
+#| "\n"
 msgid ""
-"Usage: su [options] [LOGIN]\n"
+"Usage: su [options] [-] [username [args]]\n"
 "\n"
 "Options:\n"
 "  -c, --command COMMAND         pass COMMAND to the invoked shell\n"
@@ -1887,6 +2173,7 @@ msgid ""
 "                                keep the same shell\n"
 "  -s, --shell SHELL             use SHELL instead of the default in passwd\n"
 "\n"
+"If no username is given, assume root.\n"
 msgstr ""
 "Erabilera: su [aukerak] [IZENA]\n"
 "\n"
@@ -1909,6 +2196,14 @@ msgstr ""
 "%s: %s\n"
 "(Ez ikusi egin zaio)\n"
 
+#, c-format
+msgid "Password field is empty, this is forbidden for all accounts.\n"
+msgstr ""
+
+#, c-format
+msgid "Password field is empty, this is forbidden for super-user.\n"
+msgstr ""
+
 #, c-format
 msgid "You are not authorized to su %s\n"
 msgstr "Ez duzu 'su %s' exekutatzeko baimenik\n"
@@ -1973,6 +2268,11 @@ msgstr ""
 msgid "%s: the %s configuration in %s will be ignored\n"
 msgstr "%s: %s konfigurazioa %s-n dagoena alde batetara utziko da\n"
 
+#, fuzzy, c-format
+#| msgid "%s: cannot create new defaults file\n"
+msgid "%s: cannot create new defaults file: %s\n"
+msgstr "%s: ezin da lehenespen fitxategi berria sortu\n"
+
 #, c-format
 msgid "%s: cannot create new defaults file\n"
 msgstr "%s: ezin da lehenespen fitxategi berria sortu\n"
@@ -2001,6 +2301,11 @@ msgstr "%s: taldea '%s' NIS talde bat da.\n"
 msgid "%s: too many groups specified (max %d).\n"
 msgstr "%s: talde gehiegi zehaztu dira (geh. %d).\n"
 
+#, fuzzy, c-format
+#| msgid "%s: Out of memory. Cannot update %s.\n"
+msgid "%s: Out of memory. Cannot find group '%s'.\n"
+msgstr "%s: memoriarik ez. Ezin da %s eguneratu.\n"
+
 #, c-format
 msgid ""
 "Usage: %s [options] LOGIN\n"
@@ -2015,6 +2320,11 @@ msgstr ""
 "\n"
 "Aukerak:\n"
 
+#, fuzzy
+#| msgid "  -s, --shadow                  edit shadow or gshadow database\n"
+msgid "      --badnames                do not check for bad names\n"
+msgstr "  -s, --shadow                  shadow edo gshadow datubasea editatu\n"
+
 #, fuzzy
 msgid ""
 "  -b, --base-dir BASE_DIR       base directory for the home directory of "
@@ -2024,6 +2334,10 @@ msgstr ""
 "  -b, --base-dir BASE_DIR       Erabiltzaile kontu berriaren etxe\n"
 "                                direktorioaren oinarri direktorioa\n"
 
+msgid ""
+"      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"
+msgstr ""
+
 msgid "  -c, --comment COMMENT         GECOS field of the new account\n"
 msgstr ""
 
@@ -2128,26 +2442,110 @@ msgstr "%s: '%s' eremu baliogabea\n"
 msgid "%s: invalid shell '%s'\n"
 msgstr "%s: '%s' shell baliogabea\n"
 
+#, fuzzy, c-format
+msgid "%s: Warning: missing or non-executable shell '%s'\n"
+msgstr "%s: abisua: %s ez dago %s(r)en jabegoan\n"
+
+#, c-format
+msgid "%s: -Z cannot be used with --prefix\n"
+msgstr ""
+
 #, c-format
 msgid "%s: -Z requires SELinux enabled kernel\n"
 msgstr "%s: -Z-ek  SELinux gaituriko kernel bat behar du\n"
 
+#, fuzzy, c-format
+#| msgid "%s: invalid user name '%s'\n"
+msgid "%s: invalid user name '%s': use --badname to ignore\n"
+msgstr "%s: '%s' erabiltzaile-izen baliogabea\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to open the faillog file for UID %lu: %s\n"
+msgstr "%s: huts %lu UIDaren faillog erregistroa berrezartzean: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
 msgstr "%s: huts %lu UIDaren faillog erregistroa berrezartzean: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to close the faillog file for UID %lu: %s\n"
+msgstr "%s: huts %lu UIDaren faillog erregistroa berrezartzean: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to open the lastlog file for UID %lu: %s\n"
+msgstr "%s: huts %lu UIDaren lastlog sarrera berrezartzean: %s\n"
+
 #, c-format
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s: huts %lu UIDaren lastlog sarrera berrezartzean: %s\n"
 
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+msgid "%s: failed to close the lastlog file for UID %lu: %s\n"
+msgstr "%s: huts %lu UIDaren lastlog sarrera berrezartzean: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: failed to reset the faillog entry of UID %lu: %s\n"
+msgid "%s: failed to reset the tallylog entry of user \"%s\"\n"
+msgstr "%s: huts %lu UIDaren faillog erregistroa berrezartzean: %s\n"
+
 #, fuzzy, c-format
 msgid "%s: failed to prepare the new %s entry\n"
 msgstr "%s: huts %s sarrera  berria prestatzean '%s'\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error changing fields\n"
+msgid "%s: error while duplicating string %s\n"
+msgstr "%s: errorea eremuak aldatzean\n"
+
+#, fuzzy, c-format
+#| msgid "%s: cannot create directory %s\n"
+msgid "%s: cannot set SELinux context for home directory %s\n"
+msgstr "%s: ezin da %s direktorioa sortu\n"
+
+#, c-format
+msgid "%s: error while duplicating string in BTRFS check %s\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s: %s home directory (%s) not found\n"
+msgid "%s: home directory \"%s\" must be mounted on BTRFS\n"
+msgstr "%s: %s etxe-direktorioa (%s) ez dago\n"
+
+#, fuzzy, c-format
+msgid "%s: failed to create BTRFS subvolume: %s\n"
+msgstr "huts egin du postontzia jabez aldatzean"
+
 #, c-format
 msgid "%s: cannot create directory %s\n"
 msgstr "%s: ezin da %s direktorioa sortu\n"
 
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on `%s' failed: %m\n"
+msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chmod on `%s' failed: %m\n"
+msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
+
+#, fuzzy, c-format
+#| msgid "%s: line %d: chown %s failed: %s\n"
+msgid "%s: warning: chown on '%s' failed: %m\n"
+msgstr "%s: %d lerroa: chown %s-ek huts egin du: %s\n"
+
+#, c-format
+msgid "%s: cannot reset SELinux file creation context\n"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s: cannot set SELinux context for mailbox file %s\n"
+msgstr "%s(r)en data informazioa aldatzen\n"
+
 msgid "Creating mailbox file"
 msgstr "Postakutxa fitxategia sortzen"
 
@@ -2160,6 +2558,17 @@ msgstr ""
 msgid "Setting mailbox file permissions"
 msgstr "Postakutxa fitxategi baimenak ezartzen"
 
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d "
+"range.\n"
+msgstr ""
+
+#, c-format
+msgid ""
+"%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"
+msgstr ""
+
 #, c-format
 msgid "%s: user '%s' already exists\n"
 msgstr "%s: '%s' erabiltzailea badago dagoeneko\n"
@@ -2194,10 +2603,13 @@ msgstr "%s: ezin da erabiltzailea sortu\n"
 msgid "%s: can't create subordinate group IDs\n"
 msgstr "%s: ezin da taldea sortu\n"
 
-#, c-format
+#, fuzzy, c-format
+#| msgid ""
+#| "%s: warning: the home directory already exists.\n"
+#| "Not copying any file from skel directory into it.\n"
 msgid ""
-"%s: warning: the home directory already exists.\n"
-"Not copying any file from skel directory into it.\n"
+"%s: warning: the home directory %s already exists.\n"
+"%s: Not copying any file from skel directory into it.\n"
 msgstr ""
 "%s: abisua: etxe direktorioa badago dagoeneko.\n"
 "Ez da bertara skel direktorioko fitxategirik kopiatuko.\n"
@@ -2208,9 +2620,15 @@ msgstr ""
 "%s: abisua: %s erabiltzaile izena %s SELinux erabiltzailera mapatzean huts "
 "egin du.\n"
 
+#, fuzzy
+#| msgid ""
+#| "  -f, --force                   force removal of files,\n"
+#| "                                even if not owned by user\n"
 msgid ""
-"  -f, --force                   force removal of files,\n"
-"                                even if not owned by user\n"
+"  -f, --force                   force some actions that would fail "
+"otherwise\n"
+"                                e.g. removal of user still logged in\n"
+"                                or files, even if not owned by the user\n"
 msgstr ""
 "  -f, --force                   fitxategien ezabatzea indartu nahiz ez\n"
 "                                erabiltzailearenak izan\n"
@@ -2286,6 +2704,11 @@ msgstr "%s: %s etxe-direktorioa (%s) ez dago\n"
 msgid "%s: not removing directory %s (would remove home of user %s)\n"
 msgstr "%s: ez da %s direktorioa ezabatuko (%s(r)en etxea ezabatuko luke)\n"
 
+#, fuzzy, c-format
+#| msgid "%s: error removing directory %s\n"
+msgid "%s: error removing subvolume %s\n"
+msgstr "%s: errorea %s direktorioa ezabatzean\n"
+
 #, c-format
 msgid "%s: error removing directory %s\n"
 msgstr "%s: errorea %s direktorioa ezabatzean\n"
@@ -2400,6 +2823,10 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: '%s' erabiltzailea badago dagoeneko %s-n\n"
 
+#, c-format
+msgid "%s: homedir must be an absolute path\n"
+msgstr ""
+
 #, fuzzy, c-format
 msgid "%s: invalid subordinate uid range '%s'\n"
 msgstr "%s: '%s' data baliogabea\n"
@@ -2442,6 +2869,10 @@ msgstr ""
 msgid "%s: Failed to change ownership of the home directory"
 msgstr "%s: ezin da %s direktorioa sortu\n"
 
+#, c-format
+msgid "%s: error: cannot move subvolume from %s to %s - different device\n"
+msgstr ""
+
 #, c-format
 msgid "%s: warning: failed to completely remove old home directory %s"
 msgstr "%s: abisua: huts %s etxe direktorio zaharra guztiz ezabatzerakoan"
@@ -2477,7 +2908,7 @@ msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
 msgstr "%s: huts %s sarrera  berria prestatzean '%s'\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add uid range %lu-%lu to '%s'\n"
 msgstr "%s: huts %s sarrera  berria prestatzean '%s'\n"
 
 #, fuzzy, c-format
@@ -2485,7 +2916,7 @@ msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
 msgstr "%s: huts %s sarrera  berria prestatzean '%s'\n"
 
 #, fuzzy, c-format
-msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
+msgid "%s: failed to add gid range %lu-%lu to '%s'\n"
 msgstr "%s: huts %s sarrera  berria prestatzean '%s'\n"
 
 #, c-format
@@ -2581,6 +3012,9 @@ msgstr "%s: ezin da %s leheneratu: %s (zure aldaketak %s(e)n daude)\n"
 msgid "%s: failed to find tcb directory for %s\n"
 msgstr "%s: oinarrizko '%s' direktorio baliogabea\n"
 
+#~ msgid "Username         Port     From             Latest"
+#~ msgstr "Erabiltzaile-izena        Ataka      Nondik           Azkena"
+
 #~ msgid "  -c, --crypt-method            the crypt method (one of %s)\n"
 #~ msgstr "  -c, --crypt-method            zifratze metodoa (%s-etako bat)\n"
 
@@ -2843,9 +3277,6 @@ msgstr "%s: oinarrizko '%s' direktorio baliogabea\n"
 #~ "ezabatu\n"
 #~ "\n"
 
-#~ msgid "%s: user %s is currently logged in\n"
-#~ msgstr "%s: une honetan %s erabiltzaileak saioan sartuta dago\n"
-
 #~ msgid ""
 #~ "Usage: usermod [options] LOGIN\n"
 #~ "\n"