New upstream version 4.5

.gitignore

@@ -18,6 +18,7 @@ Makefile.in
 /aclocal.m4
 /autom4te.cache
 /compile
+/config.cache
 /config.guess
 /config.h
 /config.h.in
@@ -45,4 +46,5 @@ Makefile.in
 /po/stamp-po
 
 /shadow.spec
+/shadow-*.tar.*
 /libmisc/getdate.c

.travis.yml

@@ -0,0 +1,20 @@
+sudo: false
+
+language: c
+
+compiler:
+  - gcc
+  - clang
+
+addons:
+  apt:
+    packages:
+      - autopoint
+      - xsltproc
+
+script:
+ - ./autogen.sh --without-selinux --disable-man
+ - grep ENABLE_ config.status
+ - make
+
+# vim:et:ts=2:sw=2

ChangeLog

@@ -1,3 +1,84 @@
+2016-05-17  Serge Hallyn <serge@hallyn.com>
+
+	* Release 4.5
+
+2016-05-17  Serge Hallyn <serge@hallyn.com>
+
+	* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
+	  preventing SIGTERM to su from being propagated to the job.
+	* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
+	* Merge Russian translation updates from Yuri Kozlov
+	* Fix missing close of subuid file on error
+
+2016-02-23  Serge Hallyn <serge@hallyn.com>
+
+	* Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
+	  the equivalent of util-linux CVE-2017-2616.
+
+2016-02-08  Serge Hallyn <serge@hallyn.com>
+
+	* Update Kazakh translations
+	* Consult configuration before calculating subuids
+	* Remove misplaced semicolon
+
+2016-01-29  Serge Hallyn <serge@hallyn.com>
+
+	* Patch from Fedora to improve performance with SSSD, Winbind,
+	  or nss_ldap. (Tomas Mraz)
+	* Make sure knowndef_table is NULL-terminated.  (Bernhard Rosenkränzer)
+
+2016-12-21  Serge Hallyn <serge@hallyn.com>
+
+	* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
+	* Fix readability in usermod error messages.
+	* Reset user in tallylog
+	* Add audit support to su
+
+2016-12-02  Serge Hallyn <serge@hallyn.com>
+
+	* changes since 4.4
+	  - Use sizeof rather than hardcoding snprintf args
+	  - Fix useradd improper default loading
+	  - Update Vietnamese translations
+	  - Update Polish translations
+	  - Remove non-POSIX chmod option in Makefile
+	  - Fix suidubins assignments
+	  - Fix --add-subuids etc spelling in manpages
+	  - Audit homedir ownership change.
+	  - Print error on selinux file context update failure
+	  - Keep original file perms when creating a backup
+
+	* (henceforth we'll update Changelog with each commit
+	  and proper credit)
+
+2016-12-02  Serge Hallyn <serge@hallyn.com>
+
+	* Changes since 4.2.1:
+	  - Documentation, error report and translations updates
+	  - Replace path_max with 32
+	  - User namespace support fixes/updates including:
+	    - Correct sanity checks in newXidmap
+	    - Fix building without subuid support
+	    - Add /etc/subuid support for UID matching
+	    - Support subuid for nonlocal users
+	    - Default to 65536 subuid allocations
+	    - Respect -r
+	    - Check for range overflows
+	  - Add tests from svn tree
+	  - Use AC_CHECK_SIZEOF for uid_t size checks
+	  - Accomodate missing /etc and login.defs
+	  - Support FORCE_SHADOW
+	  - Be more robust in hostile environment
+	  - Allow removing a primary group
+	  - Clear passwords on __pw_dup errors
+	  - Memory leak fix in commonio_update and get_map_ranges
+	  - Fix resource leak in syslog_sg
+	  - Fix user busy error at userdel
+	  - Support set/clear lastlog record via lastlog command
+	  - Add --no-create-home as longopt for -M
+	  - Fix signal races
+	  - Reduce syslog priority of common usage events
+
 2013-08-25  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* src/vipw.c: After waitpid(), use errno only if waitpid returned

Makefile.am

@@ -2,7 +2,5 @@
 
 EXTRA_DIST = NEWS README TODO shadow.spec.in
 
-AUTOMAKE_OPTIONS = 1.5 dist-bzip2 foreign
-
 SUBDIRS = po man libmisc lib src \
 	contrib doc etc

README

@@ -117,5 +117,6 @@ Maintainers
 ===========
 
 Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
-Nicolas François <nicolas.francois@centraliens.net> (2007-now)
+Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
+Serge E. Hallyn <serge@hallyn.com> (2014-now)
 

configure.ac

@@ -1,6 +1,9 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT
-AM_INIT_AUTOMAKE(shadow, 4.4)
+AC_PREREQ([2.64])
+AC_INIT([shadow], [4.5], [pkg-shadow-devel@lists.alioth.debian.org], [],
+	[https://github.com/shadow-maint/shadow])
+AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
+AM_SILENT_RULES([yes])
 AC_CONFIG_HEADERS([config.h])
 
 dnl Some hacks...

lib/commonio.c

@@ -301,15 +301,12 @@ static int create_backup (const char *backup, FILE * fp)
 	struct utimbuf ub;
 	FILE *bkfp;
 	int c;
-	mode_t mask;
 
 	if (fstat (fileno (fp), &sb) != 0) {
 		return -1;
 	}
 
-	mask = umask (077);
-	bkfp = fopen (backup, "w");
-	(void) umask (mask);
+	bkfp = fopen_set_perms (backup, "w", &sb);
 	if (NULL == bkfp) {
 		return -1;
 	}
@@ -754,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
 	for (ptr = db->head;
 	        (NULL != ptr)
 #if KEEP_NIS_AT_END
-	     && (NULL != ptr->line)
-	     && (   ('+' != ptr->line[0])
-	         && ('-' != ptr->line[0]))
+	     && ((NULL == ptr->line)
+	         || (('+' != ptr->line[0])
+	             && ('-' != ptr->line[0])))
 #endif
 	     ;
 	     ptr = ptr->next) {
 		n++;
 	}
 #if KEEP_NIS_AT_END
-	if ((NULL != ptr) && (NULL != ptr->line)) {
+	if (NULL != ptr) {
 		nis = ptr;
 	}
 #endif

lib/commonio.h

@@ -31,8 +31,8 @@
  */
 
 /* $Id$ */
-#ifndef _COMMONIO_H
-#define _COMMONIO_H
+#ifndef COMMONIO_H
+#define COMMONIO_H
 
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>

lib/getdef.c

@@ -148,6 +148,7 @@ static struct itemdef knowndef_table[] = {
 #ifdef USE_PAM
 	PAMDEFS
 #endif
+	{NULL, NULL}
 };
 
 #ifndef LOGINDEFS

lib/groupio.c

@@ -338,8 +338,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 		errno = ENOMEM;
 		return NULL;
 	}
-	snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
-	new_line[new_line_len] = '\0';
+	snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
 
 	/* Concatenate the 2 list of members */
 	for (i=0; NULL != gptr1->gr_mem[i]; i++);

lib/prototypes.h

@@ -179,6 +179,9 @@ extern int getrange (char *range,
                      unsigned long *min, bool *has_min,
                      unsigned long *max, bool *has_max);
 
+/* gettime.c */
+extern time_t gettime ();
+
 /* get_uid.c */
 extern int get_uid (const char *uidstr, uid_t *uid);
 

lib/sgroupio.c

@@ -40,6 +40,7 @@
 #include "prototypes.h"
 #include "defines.h"
 #include "commonio.h"
+#include "getdef.h"
 #include "sgroupio.h"
 
 /*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent)

lib/shadowio.c

@@ -40,6 +40,7 @@
 #include <shadow.h>
 #include <stdio.h>
 #include "commonio.h"
+#include "getdef.h"
 #include "shadowio.h"
 #ifdef WITH_TCB
 #include <tcb.h>

lib/shadowio.h

@@ -31,8 +31,8 @@
  */
 
 /* $Id$ */
-#ifndef _SHADOWIO_H
-#define _SHADOWIO_H
+#ifndef SHADOWIO_H
+#define SHADOWIO_H
 
 #include "defines.h"
 

libmisc/Makefile.am

@@ -1,7 +1,7 @@
 
 EXTRA_DIST = .indent.pro xgetXXbyYY.c
 
-INCLUDES = -I$(top_srcdir)/lib
+AM_CPPFLAGS = -I$(top_srcdir)/lib
 
 noinst_LIBRARIES = libmisc.a
 
@@ -31,6 +31,7 @@ libmisc_a_SOURCES = \
 	getdate.y \
 	getgr_nam_gid.c \
 	getrange.c \
+	gettime.c \
 	hushed.c \
 	idmapping.h \
 	idmapping.c \

libmisc/find_new_gid.c

@@ -1,6 +1,7 @@
 /*
  * Copyright (c) 1991 - 1994, Julianne Frances Haugh
  * Copyright (c) 2008 - 2011, Nicolas François
+ * Copyright (c) 2014, Red Hat, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -38,6 +39,117 @@
 #include "groupio.h"
 #include "getdef.h"
 
+/*
+ * get_ranges - Get the minimum and maximum ID ranges for the search
+ *
+ * This function will return the minimum and maximum ranges for IDs
+ *
+ * 0: The function completed successfully
+ * EINVAL: The provided ranges are impossible (such as maximum < minimum)
+ *
+ * preferred_min: The special-case minimum value for a specifically-
+ * requested ID, which may be lower than the standard min_id
+ */
+static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
+		       gid_t *preferred_min)
+{
+	gid_t gid_def_max = 0;
+
+	if (sys_group) {
+		/* System groups */
+
+		/* A requested ID is allowed to be below the autoselect range */
+		*preferred_min = (gid_t) 1;
+
+		/* Get the minimum ID range from login.defs or default to 101 */
+		*min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
+
+		/*
+		 * If SYS_GID_MAX is unspecified, we should assume it to be one
+		 * less than the GID_MIN (which is reserved for non-system accounts)
+		 */
+		gid_def_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
+		*max_id = (gid_t) getdef_ulong ("SYS_GID_MAX",
+				(unsigned long) gid_def_max);
+
+		/* Check that the ranges make sense */
+		if (*max_id < *min_id) {
+			(void) fprintf (stderr,
+                            _("%s: Invalid configuration: SYS_GID_MIN (%lu), "
+                              "GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
+                            Prog, (unsigned long) *min_id,
+                            getdef_ulong ("GID_MIN", 1000UL),
+                            (unsigned long) *max_id);
+			return EINVAL;
+		}
+	} else {
+		/* Non-system groups */
+
+		/* Get the values from login.defs or use reasonable defaults */
+		*min_id = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
+		*max_id = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
+
+		/*
+		 * The preferred minimum should match the standard ID minimum
+		 * for non-system groups.
+		 */
+		*preferred_min = *min_id;
+
+		/* Check that the ranges make sense */
+		if (*max_id < *min_id) {
+			(void) fprintf (stderr,
+					_("%s: Invalid configuration: GID_MIN (%lu), "
+					  "GID_MAX (%lu)\n"),
+					Prog, (unsigned long) *min_id,
+					(unsigned long) *max_id);
+			return EINVAL;
+		}
+	}
+
+	return 0;
+}
+
+/*
+ * check_gid - See if the requested GID is available
+ *
+ * On success, return 0
+ * If the ID is in use, return EEXIST
+ * If the ID is outside the range, return ERANGE
+ * In other cases, return errno from getgrgid()
+ */
+static int check_gid (const gid_t gid,
+		      const gid_t gid_min,
+		      const gid_t gid_max,
+		      bool *used_gids)
+{
+	/* First test that the preferred ID is in the range */
+	if (gid < gid_min || gid > gid_max) {
+		return ERANGE;
+	}
+
+	/*
+	 * Check whether we already detected this GID
+	 * using the gr_next() loop
+	 */
+	if (used_gids != NULL && used_gids[gid]) {
+		return EEXIST;
+	}
+	/* Check if the GID exists according to NSS */
+	errno = 0;
+	if (getgrgid (gid) != NULL) {
+		return EEXIST;
+	} else {
+		/* getgrgid() was NULL
+		 * we have to ignore errors as temporary
+		 * failures of remote user identity services
+		 * would completely block user/group creation
+		 */
+	}
+
+	/* If we've made it here, the GID must be available */
+	return 0;
+}
+
 /*
  * find_new_gid - Find a new unused GID.
  *
@@ -49,161 +161,338 @@
  * Return 0 on success, -1 if no unused GIDs are available.
  */
 int find_new_gid (bool sys_group,
-                  gid_t *gid,
-                  /*@null@*/gid_t const *preferred_gid)
+                 gid_t *gid,
+                 /*@null@*/gid_t const *preferred_gid)
 {
-	const struct group *grp;
-	gid_t gid_min, gid_max, group_id;
 	bool *used_gids;
+	const struct group *grp;
+	gid_t gid_min, gid_max, preferred_min;
+	gid_t group_id, id;
+	gid_t lowest_found, highest_found;
+	int result;
+	int nospam = 0;
 
-	assert (gid != NULL);
+	assert(gid != NULL);
 
-	if (!sys_group) {
-		gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
-		gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
-		if (gid_max < gid_min) {
-			(void) fprintf (stderr,
-			                _("%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"),
-			                Prog, (unsigned long) gid_min, (unsigned long) gid_max);
-			return -1;
-		}
-	} else {
-		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
-		gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
-		gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
-		if (gid_max < gid_min) {
-			(void) fprintf (stderr,
-			                _("%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
-			                Prog, (unsigned long) gid_min, getdef_ulong ("GID_MIN", 1000UL), (unsigned long) gid_max);
+	/*
+	 * First, figure out what ID range is appropriate for
+	 * automatic assignment
+	 */
+	result = get_ranges (sys_group, &gid_min, &gid_max, &preferred_min);
+	if (result == EINVAL) {
+		return -1;
+	}
+
+	/* Check if the preferred GID is available */
+	if (preferred_gid) {
+		result = check_gid (*preferred_gid, preferred_min, gid_max, NULL);
+		if (result == 0) {
+			/*
+			 * Make sure the GID isn't queued for use already
+			 */
+			if (gr_locate_gid (*preferred_gid) == NULL) {
+				*gid = *preferred_gid;
+				return 0;
+			}
+			/*
+			 * gr_locate_gid() found the GID in an as-yet uncommitted
+			 * entry. We'll proceed below and auto-set a GID.
+			 */
+		} else if (result == EEXIST || result == ERANGE) {
+			/*
+			 * Continue on below. At this time, we won't
+			 * treat these two cases differently.
+			 */
+		} else {
+			/*
+			 * An unexpected error occurred. We should report
+			 * this and fail the group creation.
+			 * This differs from the automatic creation
+			 * behavior below, since if a specific GID was
+			 * requested and generated an error, the user is
+			 * more likely to want to stop and address the
+			 * issue.
+			 */
+			fprintf (stderr,
+				_("%s: Encountered error attempting to use "
+				  "preferred GID: %s\n"),
+				Prog, strerror (result));
 			return -1;
 		}
 	}
+
+	/*
+	 * Search the entire group file,
+	 * looking for the next unused value.
+	 *
+	 * We first check the local database with gr_rewind/gr_next to find
+	 * all local values that are in use.
+	 *
+	 * We then compare the next free value to all databases (local and
+	 * remote) and iterate until we find a free one. If there are free
+	 * values beyond the lowest (system groups) or highest (non-system
+	 * groups), we will prefer those and avoid potentially reclaiming a
+	 * deleted group (which can be a security issue, since it may grant
+	 * access to files belonging to that former group).
+	 *
+	 * If there are no GIDs available at the end of the search, we will
+	 * have no choice but to iterate through the range looking for gaps.
+	 *
+	 */
+
+	/* Create an array to hold all of the discovered GIDs */
 	used_gids = malloc (sizeof (bool) * (gid_max +1));
 	if (NULL == used_gids) {
 		fprintf (stderr,
-		         _("%s: failed to allocate memory: %s\n"),
-		         Prog, strerror (errno));
+			 _("%s: failed to allocate memory: %s\n"),
+			 Prog, strerror (errno));
 		return -1;
 	}
 	memset (used_gids, false, sizeof (bool) * (gid_max + 1));
 
-	if (   (NULL != preferred_gid)
-	    && (*preferred_gid >= gid_min)
-	    && (*preferred_gid <= gid_max)
-	    /* Check if the user exists according to NSS */
-	    && (getgrgid (*preferred_gid) == NULL)
-	    /* Check also the local database in case of uncommitted
-	     * changes */
-	    && (gr_locate_gid (*preferred_gid) == NULL)) {
-		*gid = *preferred_gid;
-		free (used_gids);
-		return 0;
-	}
-
-
-	/*
-	 * Search the entire group file,
-	 * looking for the largest unused value.
-	 *
-	 * We check the list of groups according to NSS (setgrent/getgrent),
-	 * but we also check the local database (gr_rewind/gr_next) in case
-	 * some groups were created but the changes were not committed yet.
-	 */
-	if (sys_group) {
-		gid_t id;
-		/* setgrent / getgrent / endgrent can be very slow with
-		 * LDAP configurations (and many accounts).
-		 * Since there is a limited amount of IDs to be tested
-		 * for system accounts, we just check the existence
-		 * of IDs with getgrgid.
+	/* First look for the lowest and highest value in the local database */
+	(void) gr_rewind ();
+	highest_found = gid_min;
+	lowest_found = gid_max;
+	while ((grp = gr_next ()) != NULL) {
+		/*
+		 * Does this entry have a lower GID than the lowest we've found
+		 * so far?
 		 */
-		group_id = gid_max;
-		for (id = gid_max; id >= gid_min; id--) {
-			if (getgrgid (id) != NULL) {
-				group_id = id - 1;
-				used_gids[id] = true;
-			}
+		if ((grp->gr_gid <= lowest_found) && (grp->gr_gid >= gid_min)) {
+			lowest_found = grp->gr_gid - 1;
 		}
 
-		(void) gr_rewind ();
-		while ((grp = gr_next ()) != NULL) {
-			if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
-				group_id = grp->gr_gid - 1;
-			}
-			/* create index of used GIDs */
-			if (grp->gr_gid <= gid_max) {
-				used_gids[grp->gr_gid] = true;
-			}
+		/*
+		 * Does this entry have a higher GID than the highest we've found
+		 * so far?
+		 */
+		if ((grp->gr_gid >= highest_found) && (grp->gr_gid <= gid_max)) {
+			highest_found = grp->gr_gid + 1;
 		}
-	} else {
-		group_id = gid_min;
-		setgrent ();
-		while ((grp = getgrent ()) != NULL) {
-			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
-				group_id = grp->gr_gid + 1;
-			}
-			/* create index of used GIDs */
-			if (grp->gr_gid <= gid_max) {
-				used_gids[grp->gr_gid] = true;
-			}
-		}
-		endgrent ();
 
-		(void) gr_rewind ();
-		while ((grp = gr_next ()) != NULL) {
-			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
-				group_id = grp->gr_gid + 1;
-			}
-			/* create index of used GIDs */
-			if (grp->gr_gid <= gid_max) {
-				used_gids[grp->gr_gid] = true;
-			}
+		/* create index of used GIDs */
+		if (grp->gr_gid >= gid_min
+			&& grp->gr_gid <= gid_max) {
+
+			used_gids[grp->gr_gid] = true;
 		}
 	}
 
-	/*
-	 * If a group (resp. system group) with GID equal to GID_MAX (resp.
-	 * GID_MIN) exists, the above algorithm will give us GID_MAX+1
-	 * (resp. GID_MIN-1) even if not unique. Search for the first free
-	 * GID starting with GID_MIN (resp. GID_MAX).
-	 */
 	if (sys_group) {
-		if (group_id < gid_min) {
-			for (group_id = gid_max; group_id >= gid_min; group_id--) {
-				if (false == used_gids[group_id]) {
-					break;
-				}
-			}
-			if (group_id < gid_min) {
-				fprintf (stderr,
-				         _("%s: Can't get unique system GID (no more available GIDs)\n"),
-				         Prog);
-				SYSLOG ((LOG_WARN,
-				         "no more available GID on the system"));
+		/*
+		 * For system groups, we want to start from the
+		 * top of the range and work downwards.
+		 */
+
+		/*
+		 * At the conclusion of the gr_next() search, we will either
+		 * have a presumed-free GID or we will be at GID_MIN - 1.
+		 */
+		if (lowest_found < gid_min) {
+			/*
+			 * In this case, a GID is in use at GID_MIN.
+			 *
+			 * We will reset the search to GID_MAX and proceed down
+			 * through all the GIDs (skipping those we detected with
+			 * used_gids) for a free one. It is a known issue that
+			 * this may result in reusing a previously-deleted GID,
+			 * so administrators should be instructed to use this
+			 * auto-detection with care (and prefer to assign GIDs
+			 * explicitly).
+			 */
+			lowest_found = gid_max;
+		}
+
+		/* Search through all of the IDs in the range */
+		for (id = lowest_found; id >= gid_min; id--) {
+			result = check_gid (id, gid_min, gid_max, used_gids);
+			if (result == 0) {
+				/* This GID is available. Return it. */
+				*gid = id;
 				free (used_gids);
-				return -1;
+				return 0;
+			} else if (result == EEXIST) {
+				/* This GID is in use, we'll continue to the next */
+			} else {
+				/*
+				 * An unexpected error occurred.
+				 *
+				 * Only report it the first time to avoid spamming
+				 * the logs
+				 *
+				 */
+				if (!nospam) {
+					fprintf (stderr,
+						_("%s: Can't get unique system GID (%s). "
+						  "Suppressing additional messages.\n"),
+						Prog, strerror (result));
+					SYSLOG ((LOG_ERR,
+						"Error checking available GIDs: %s",
+						strerror (result)));
+					nospam = 1;
+				}
+				/*
+				 * We will continue anyway. Hopefully a later GID
+				 * will work properly.
+				 */
 			}
 		}
-	} else {
-		if (group_id > gid_max) {
-			for (group_id = gid_min; group_id <= gid_max; group_id++) {
-				if (false == used_gids[group_id]) {
-					break;
+
+		/*
+		 * If we get all the way through the loop, try again from GID_MAX,
+		 * unless that was where we previously started. (NOTE: the worst-case
+		 * scenario here is that we will run through (GID_MAX - GID_MIN - 1)
+		 * cycles *again* if we fall into this case with lowest_found as
+		 * GID_MAX - 1, all groups in the range in use and maintained by
+		 * network services such as LDAP.)
+		 */
+		if (lowest_found != gid_max) {
+			for (id = gid_max; id >= gid_min; id--) {
+				result = check_gid (id, gid_min, gid_max, used_gids);
+				if (result == 0) {
+					/* This GID is available. Return it. */
+					*gid = id;
+					free (used_gids);
+					return 0;
+				} else if (result == EEXIST) {
+					/* This GID is in use, we'll continue to the next */
+				} else {
+					/*
+					 * An unexpected error occurred.
+					 *
+					 * Only report it the first time to avoid spamming
+					 * the logs
+					 *
+					 */
+					if (!nospam) {
+						fprintf (stderr,
+							_("%s: Can't get unique system GID (%s). "
+							  "Suppressing additional messages.\n"),
+							Prog, strerror (result));
+						SYSLOG ((LOG_ERR,
+							"Error checking available GIDs: %s",
+							strerror (result)));
+						nospam = 1;
+					}
+					/*
+					 * We will continue anyway. Hopefully a later GID
+					 * will work properly.
+					 */
 				}
 			}
-			if (group_id > gid_max) {
-				fprintf (stderr,
-				         _("%s: Can't get unique GID (no more available GIDs)\n"),
-				         Prog);
-				SYSLOG ((LOG_WARN, "no more available GID on the system"));
+		}
+	} else { /* !sys_group */
+		/*
+		 * For non-system groups, we want to start from the
+		 * bottom of the range and work upwards.
+		 */
+
+		/*
+		 * At the conclusion of the gr_next() search, we will either
+		 * have a presumed-free GID or we will be at GID_MAX + 1.
+		 */
+		if (highest_found > gid_max) {
+			/*
+			 * In this case, a GID is in use at GID_MAX.
+			 *
+			 * We will reset the search to GID_MIN and proceed up
+			 * through all the GIDs (skipping those we detected with
+			 * used_gids) for a free one. It is a known issue that
+			 * this may result in reusing a previously-deleted GID,
+			 * so administrators should be instructed to use this
+			 * auto-detection with care (and prefer to assign GIDs
+			 * explicitly).
+			 */
+			highest_found = gid_min;
+		}
+
+		/* Search through all of the IDs in the range */
+		for (id = highest_found; id <= gid_max; id++) {
+			result = check_gid (id, gid_min, gid_max, used_gids);
+			if (result == 0) {
+				/* This GID is available. Return it. */
+				*gid = id;
 				free (used_gids);
-				return -1;
+				return 0;
+			} else if (result == EEXIST) {
+				/* This GID is in use, we'll continue to the next */
+			} else {
+				/*
+				 * An unexpected error occurred.
+				 *
+				 * Only report it the first time to avoid spamming
+				 * the logs
+				 *
+				 */
+				if (!nospam) {
+					fprintf (stderr,
+						_("%s: Can't get unique GID (%s). "
+						  "Suppressing additional messages.\n"),
+						Prog, strerror (result));
+					SYSLOG ((LOG_ERR,
+						"Error checking available GIDs: %s",
+						strerror (result)));
+					nospam = 1;
+				}
+				/*
+				 * We will continue anyway. Hopefully a later GID
+				 * will work properly.
+				 */
+			}
+		}
+
+		/*
+		 * If we get all the way through the loop, try again from GID_MIN,
+		 * unless that was where we previously started. (NOTE: the worst-case
+		 * scenario here is that we will run through (GID_MAX - GID_MIN - 1)
+		 * cycles *again* if we fall into this case with highest_found as
+		 * GID_MIN + 1, all groups in the range in use and maintained by
+		 * network services such as LDAP.)
+		 */
+		if (highest_found != gid_min) {
+			for (id = gid_min; id <= gid_max; id++) {
+				result = check_gid (id, gid_min, gid_max, used_gids);
+				if (result == 0) {
+					/* This GID is available. Return it. */
+					*gid = id;
+					free (used_gids);
+					return 0;
+				} else if (result == EEXIST) {
+					/* This GID is in use, we'll continue to the next */
+				} else {
+					/*
+					 * An unexpected error occurred.
+					 *
+					 * Only report it the first time to avoid spamming
+					 * the logs
+					 *
+					 */
+					if (!nospam) {
+						fprintf (stderr,
+							_("%s: Can't get unique GID (%s). "
+							  "Suppressing additional messages.\n"),
+							Prog, strerror (result));
+						SYSLOG ((LOG_ERR,
+							"Error checking available GIDs: %s",
+							strerror (result)));
+						nospam = 1;
+					}
+					/*
+					 * We will continue anyway. Hopefully a later GID
+					 * will work properly.
+					 */
+				}
 			}
 		}
 	}
 
+	/* The code reached here and found no available IDs in the range */
+	fprintf (stderr,
+		_("%s: Can't get unique GID (no more available GIDs)\n"),
+		Prog);
+	SYSLOG ((LOG_WARN, "no more available GIDs on the system"));
 	free (used_gids);
-	*gid = group_id;
-	return 0;
+	return -1;
 }
 

libmisc/find_new_uid.c

@@ -1,6 +1,7 @@
 /*
  * Copyright (c) 1991 - 1994, Julianne Frances Haugh
  * Copyright (c) 2008 - 2011, Nicolas François
+ * Copyright (c) 2014, Red Hat, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -38,6 +39,117 @@
 #include "pwio.h"
 #include "getdef.h"
 
+/*
+ * get_ranges - Get the minimum and maximum ID ranges for the search
+ *
+ * This function will return the minimum and maximum ranges for IDs
+ *
+ * 0: The function completed successfully
+ * EINVAL: The provided ranges are impossible (such as maximum < minimum)
+ *
+ * preferred_min: The special-case minimum value for a specifically-
+ * requested ID, which may be lower than the standard min_id
+ */
+static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
+			uid_t *preferred_min)
+{
+	uid_t uid_def_max = 0;
+
+	if (sys_user) {
+		/* System users */
+
+		/* A requested ID is allowed to be below the autoselect range */
+		*preferred_min = (uid_t) 1;
+
+		/* Get the minimum ID range from login.defs or default to 101 */
+		*min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
+
+		/*
+		 * If SYS_UID_MAX is unspecified, we should assume it to be one
+		 * less than the UID_MIN (which is reserved for non-system accounts)
+		 */
+		uid_def_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
+		*max_id = (uid_t) getdef_ulong ("SYS_UID_MAX",
+				(unsigned long) uid_def_max);
+
+		/* Check that the ranges make sense */
+		if (*max_id < *min_id) {
+			(void) fprintf (stderr,
+                            _("%s: Invalid configuration: SYS_UID_MIN (%lu), "
+                              "UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
+                            Prog, (unsigned long) *min_id,
+                            getdef_ulong ("UID_MIN", 1000UL),
+                            (unsigned long) *max_id);
+			return EINVAL;
+		}
+	} else {
+		/* Non-system users */
+
+		/* Get the values from login.defs or use reasonable defaults */
+		*min_id = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+		*max_id = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+
+		/*
+		 * The preferred minimum should match the standard ID minimum
+		 * for non-system users.
+		 */
+		*preferred_min = *min_id;
+
+		/* Check that the ranges make sense */
+		if (*max_id < *min_id) {
+			(void) fprintf (stderr,
+					_("%s: Invalid configuration: UID_MIN (%lu), "
+					  "UID_MAX (%lu)\n"),
+					Prog, (unsigned long) *min_id,
+					(unsigned long) *max_id);
+			return EINVAL;
+		}
+	}
+
+	return 0;
+}
+
+/*
+ * check_uid - See if the requested UID is available
+ *
+ * On success, return 0
+ * If the ID is in use, return EEXIST
+ * If the ID is outside the range, return ERANGE
+ * In other cases, return errno from getpwuid()
+ */
+static int check_uid(const uid_t uid,
+		     const uid_t uid_min,
+		     const uid_t uid_max,
+		     bool *used_uids)
+{
+	/* First test that the preferred ID is in the range */
+	if (uid < uid_min || uid > uid_max) {
+		return ERANGE;
+	}
+
+	/*
+	 * Check whether we already detected this UID
+	 * using the pw_next() loop
+	 */
+	if (used_uids != NULL && used_uids[uid]) {
+		return EEXIST;
+	}
+	/* Check if the UID exists according to NSS */
+	errno = 0;
+	if (getpwuid(uid) != NULL) {
+		return EEXIST;
+	} else {
+		/* getpwuid() was NULL
+		 * we have to ignore errors as temporary
+		 * failures of remote user identity services
+		 * would completely block user/group creation
+		 */
+	}
+
+	/* If we've made it here, the UID must be available */
+	return 0;
+}
+
 /*
  * find_new_uid - Find a new unused UID.
  *
@@ -48,162 +160,339 @@
  * 
  * Return 0 on success, -1 if no unused UIDs are available.
  */
-int find_new_uid (bool sys_user,
-                  uid_t *uid,
-                  /*@null@*/uid_t const *preferred_uid)
+int find_new_uid(bool sys_user,
+                 uid_t *uid,
+                 /*@null@*/uid_t const *preferred_uid)
 {
-	const struct passwd *pwd;
-	uid_t uid_min, uid_max, user_id;
 	bool *used_uids;
+	const struct passwd *pwd;
+	uid_t uid_min, uid_max, preferred_min;
+	uid_t user_id, id;
+	uid_t lowest_found, highest_found;
+	int result;
+	int nospam = 0;
 
 	assert (uid != NULL);
 
-	if (!sys_user) {
-		uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
-		uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
-		if (uid_max < uid_min) {
-			(void) fprintf (stderr,
-			                _("%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"),
-			                Prog, (unsigned long) uid_min, (unsigned long) uid_max);
-			return -1;
-		}
-	} else {
-		uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
-		uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
-		uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
-		if (uid_max < uid_min) {
-			(void) fprintf (stderr,
-			                _("%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
-			                Prog, (unsigned long) uid_min, getdef_ulong ("UID_MIN", 1000UL), (unsigned long) uid_max);
+	/*
+	 * First, figure out what ID range is appropriate for
+	 * automatic assignment
+	 */
+	result = get_ranges (sys_user, &uid_min, &uid_max, &preferred_min);
+	if (result == EINVAL) {
+		return -1;
+	}
+
+	/* Check if the preferred UID is available */
+	if (preferred_uid) {
+		result = check_uid (*preferred_uid, preferred_min, uid_max, NULL);
+		if (result == 0) {
+			/*
+			 * Make sure the UID isn't queued for use already
+			 */
+			if (pw_locate_uid (*preferred_uid) == NULL) {
+				*uid = *preferred_uid;
+				return 0;
+			}
+			/*
+			 * pw_locate_uid() found the UID in an as-yet uncommitted
+			 * entry. We'll proceed below and auto-set an UID.
+			 */
+		} else if (result == EEXIST || result == ERANGE) {
+			/*
+			 * Continue on below. At this time, we won't
+			 * treat these two cases differently.
+			 */
+		} else {
+			/*
+			 * An unexpected error occurred. We should report
+			 * this and fail the user creation.
+			 * This differs from the automatic creation
+			 * behavior below, since if a specific UID was
+			 * requested and generated an error, the user is
+			 * more likely to want to stop and address the
+			 * issue.
+			 */
+			fprintf (stderr,
+				_("%s: Encountered error attempting to use "
+				  "preferred UID: %s\n"),
+				Prog, strerror (result));
 			return -1;
 		}
 	}
+
+	/*
+	 * Search the entire passwd file,
+	 * looking for the next unused value.
+	 *
+	 * We first check the local database with pw_rewind/pw_next to find
+	 * all local values that are in use.
+	 *
+	 * We then compare the next free value to all databases (local and
+	 * remote) and iterate until we find a free one. If there are free
+	 * values beyond the lowest (system users) or highest (non-system
+	 * users), we will prefer those and avoid potentially reclaiming a
+	 * deleted user (which can be a security issue, since it may grant
+	 * access to files belonging to that former user).
+	 *
+	 * If there are no UIDs available at the end of the search, we will
+	 * have no choice but to iterate through the range looking for gaps.
+	 *
+	 */
+
+	/* Create an array to hold all of the discovered UIDs */
 	used_uids = malloc (sizeof (bool) * (uid_max +1));
 	if (NULL == used_uids) {
 		fprintf (stderr,
-		         _("%s: failed to allocate memory: %s\n"),
-		         Prog, strerror (errno));
+			 _("%s: failed to allocate memory: %s\n"),
+			 Prog, strerror (errno));
 		return -1;
 	}
 	memset (used_uids, false, sizeof (bool) * (uid_max + 1));
 
-	if (   (NULL != preferred_uid)
-	    && (*preferred_uid >= uid_min)
-	    && (*preferred_uid <= uid_max)
-	    /* Check if the user exists according to NSS */
-	    && (getpwuid (*preferred_uid) == NULL)
-	    /* Check also the local database in case of uncommitted
-	     * changes */
-	    && (pw_locate_uid (*preferred_uid) == NULL)) {
-		*uid = *preferred_uid;
-		free (used_uids);
-		return 0;
-	}
-
-
-	/*
-	 * Search the entire password file,
-	 * looking for the largest unused value.
-	 *
-	 * We check the list of users according to NSS (setpwent/getpwent),
-	 * but we also check the local database (pw_rewind/pw_next) in case
-	 * some users were created but the changes were not committed yet.
-	 */
-	if (sys_user) {
-		uid_t id;
-		/* setpwent / getpwent / endpwent can be very slow with
-		 * LDAP configurations (and many accounts).
-		 * Since there is a limited amount of IDs to be tested
-		 * for system accounts, we just check the existence
-		 * of IDs with getpwuid.
+	/* First look for the lowest and highest value in the local database */
+	(void) pw_rewind ();
+	highest_found = uid_min;
+	lowest_found = uid_max;
+	while ((pwd = pw_next ()) != NULL) {
+		/*
+		 * Does this entry have a lower UID than the lowest we've found
+		 * so far?
 		 */
-		user_id = uid_max;
-		for (id = uid_max; id >= uid_min; id--) {
-			if (getpwuid (id) != NULL) {
-				user_id = id - 1;
-				used_uids[id] = true;
-			}
+		if ((pwd->pw_uid <= lowest_found) && (pwd->pw_uid >= uid_min)) {
+			lowest_found = pwd->pw_uid - 1;
 		}
 
-		(void) pw_rewind ();
-		while ((pwd = pw_next ()) != NULL) {
-			if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
-				user_id = pwd->pw_uid - 1;
-			}
-			/* create index of used UIDs */
-			if (pwd->pw_uid <= uid_max) {
-				used_uids[pwd->pw_uid] = true;
-			}
+		/*
+		 * Does this entry have a higher UID than the highest we've found
+		 * so far?
+		 */
+		if ((pwd->pw_uid >= highest_found) && (pwd->pw_uid <= uid_max)) {
+			highest_found = pwd->pw_uid + 1;
 		}
-	} else {
-		user_id = uid_min;
-		setpwent ();
-		while ((pwd = getpwent ()) != NULL) {
-			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
-				user_id = pwd->pw_uid + 1;
-			}
-			/* create index of used UIDs */
-			if (pwd->pw_uid <= uid_max) {
-				used_uids[pwd->pw_uid] = true;
-			}
-		}
-		endpwent ();
 
-		(void) pw_rewind ();
-		while ((pwd = pw_next ()) != NULL) {
-			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
-				user_id = pwd->pw_uid + 1;
-			}
-			/* create index of used UIDs */
-			if (pwd->pw_uid <= uid_max) {
-				used_uids[pwd->pw_uid] = true;
-			}
+		/* create index of used UIDs */
+		if (pwd->pw_uid >= uid_min
+			&& pwd->pw_uid <= uid_max) {
+
+			used_uids[pwd->pw_uid] = true;
 		}
 	}
 
-	/*
-	 * If a user (resp. system user) with UID equal to UID_MAX (resp.
-	 * UID_MIN) exists, the above algorithm will give us UID_MAX+1
-	 * (resp. UID_MIN-1) even if not unique. Search for the first free
-	 * UID starting with UID_MIN (resp. UID_MAX).
-	 */
 	if (sys_user) {
-		if (user_id < uid_min) {
-			for (user_id = uid_max; user_id >= uid_min; user_id--) {
-				if (false == used_uids[user_id]) {
-					break;
-				}
-			}
-			if (user_id < uid_min ) {
-				fprintf (stderr,
-				         _("%s: Can't get unique system UID (no more available UIDs)\n"),
-				         Prog);
-				SYSLOG ((LOG_WARN,
-				         "no more available UID on the system"));
+		/*
+		 * For system users, we want to start from the
+		 * top of the range and work downwards.
+		 */
+
+		/*
+		 * At the conclusion of the pw_next() search, we will either
+		 * have a presumed-free UID or we will be at UID_MIN - 1.
+		 */
+		if (lowest_found < uid_min) {
+			/*
+			 * In this case, an UID is in use at UID_MIN.
+			 *
+			 * We will reset the search to UID_MAX and proceed down
+			 * through all the UIDs (skipping those we detected with
+			 * used_uids) for a free one. It is a known issue that
+			 * this may result in reusing a previously-deleted UID,
+			 * so administrators should be instructed to use this
+			 * auto-detection with care (and prefer to assign UIDs
+			 * explicitly).
+			 */
+			lowest_found = uid_max;
+		}
+
+		/* Search through all of the IDs in the range */
+		for (id = lowest_found; id >= uid_min; id--) {
+			result = check_uid (id, uid_min, uid_max, used_uids);
+			if (result == 0) {
+				/* This UID is available. Return it. */
+				*uid = id;
 				free (used_uids);
-				return -1;
+				return 0;
+			} else if (result == EEXIST) {
+				/* This UID is in use, we'll continue to the next */
+			} else {
+				/*
+				 * An unexpected error occurred.
+				 *
+				 * Only report it the first time to avoid spamming
+				 * the logs
+				 *
+				 */
+				if (!nospam) {
+					fprintf (stderr,
+						_("%s: Can't get unique system UID (%s). "
+						  "Suppressing additional messages.\n"),
+						Prog, strerror (result));
+					SYSLOG ((LOG_ERR,
+						"Error checking available UIDs: %s",
+						strerror (result)));
+					nospam = 1;
+				}
+				/*
+				 * We will continue anyway. Hopefully a later UID
+				 * will work properly.
+				 */
 			}
 		}
-	} else {
-		if (user_id > uid_max) {
-			for (user_id = uid_min; user_id <= uid_max; user_id++) {
-				if (false == used_uids[user_id]) {
-					break;
+
+		/*
+		 * If we get all the way through the loop, try again from UID_MAX,
+		 * unless that was where we previously started. (NOTE: the worst-case
+		 * scenario here is that we will run through (UID_MAX - UID_MIN - 1)
+		 * cycles *again* if we fall into this case with lowest_found as
+		 * UID_MAX - 1, all users in the range in use and maintained by
+		 * network services such as LDAP.)
+		 */
+		if (lowest_found != uid_max) {
+			for (id = uid_max; id >= uid_min; id--) {
+				result = check_uid (id, uid_min, uid_max, used_uids);
+				if (result == 0) {
+					/* This UID is available. Return it. */
+					*uid = id;
+					free (used_uids);
+					return 0;
+				} else if (result == EEXIST) {
+					/* This UID is in use, we'll continue to the next */
+				} else {
+					/*
+					 * An unexpected error occurred.
+					 *
+					 * Only report it the first time to avoid spamming
+					 * the logs
+					 *
+					 */
+					if (!nospam) {
+						fprintf (stderr,
+							_("%s: Can't get unique system UID (%s). "
+							  "Suppressing additional messages.\n"),
+							Prog, strerror (result));
+						SYSLOG((LOG_ERR,
+							"Error checking available UIDs: %s",
+							strerror (result)));
+						nospam = 1;
+					}
+					/*
+					 * We will continue anyway. Hopefully a later UID
+					 * will work properly.
+					 */
 				}
 			}
-			if (user_id > uid_max) {
-				fprintf (stderr,
-				         _("%s: Can't get unique UID (no more available UIDs)\n"),
-				         Prog);
-				SYSLOG ((LOG_WARN, "no more available UID on the system"));
+		}
+	} else { /* !sys_user */
+		/*
+		 * For non-system users, we want to start from the
+		 * bottom of the range and work upwards.
+		 */
+
+		/*
+		 * At the conclusion of the pw_next() search, we will either
+		 * have a presumed-free UID or we will be at UID_MAX + 1.
+		 */
+		if (highest_found > uid_max) {
+			/*
+			 * In this case, a UID is in use at UID_MAX.
+			 *
+			 * We will reset the search to UID_MIN and proceed up
+			 * through all the UIDs (skipping those we detected with
+			 * used_uids) for a free one. It is a known issue that
+			 * this may result in reusing a previously-deleted UID,
+			 * so administrators should be instructed to use this
+			 * auto-detection with care (and prefer to assign UIDs
+			 * explicitly).
+			 */
+			highest_found = uid_min;
+		}
+
+		/* Search through all of the IDs in the range */
+		for (id = highest_found; id <= uid_max; id++) {
+			result = check_uid (id, uid_min, uid_max, used_uids);
+			if (result == 0) {
+				/* This UID is available. Return it. */
+				*uid = id;
 				free (used_uids);
-				return -1;
+				return 0;
+			} else if (result == EEXIST) {
+				/* This UID is in use, we'll continue to the next */
+			} else {
+				/*
+				 * An unexpected error occurred.
+				 *
+				 * Only report it the first time to avoid spamming
+				 * the logs
+				 *
+				 */
+				if (!nospam) {
+					fprintf (stderr,
+						_("%s: Can't get unique UID (%s). "
+						  "Suppressing additional messages.\n"),
+						Prog, strerror (result));
+					SYSLOG ((LOG_ERR,
+						"Error checking available UIDs: %s",
+						strerror (result)));
+					nospam = 1;
+				}
+				/*
+				 * We will continue anyway. Hopefully a later UID
+				 * will work properly.
+				 */
+			}
+		}
+
+		/*
+		 * If we get all the way through the loop, try again from UID_MIN,
+		 * unless that was where we previously started. (NOTE: the worst-case
+		 * scenario here is that we will run through (UID_MAX - UID_MIN - 1)
+		 * cycles *again* if we fall into this case with highest_found as
+		 * UID_MIN + 1, all users in the range in use and maintained by
+		 * network services such as LDAP.)
+		 */
+		if (highest_found != uid_min) {
+			for (id = uid_min; id <= uid_max; id++) {
+				result = check_uid (id, uid_min, uid_max, used_uids);
+				if (result == 0) {
+					/* This UID is available. Return it. */
+					*uid = id;
+					free (used_uids);
+					return 0;
+				} else if (result == EEXIST) {
+					/* This UID is in use, we'll continue to the next */
+				} else {
+					/*
+					 * An unexpected error occurred.
+					 *
+					 * Only report it the first time to avoid spamming
+					 * the logs
+					 *
+					 */
+					if (!nospam) {
+						fprintf (stderr,
+							_("%s: Can't get unique UID (%s). "
+							  "Suppressing additional messages.\n"),
+							Prog, strerror (result));
+						SYSLOG ((LOG_ERR,
+							"Error checking available UIDs: %s",
+							strerror (result)));
+						nospam = 1;
+					}
+					/*
+					 * We will continue anyway. Hopefully a later UID
+					 * will work properly.
+					 */
+				}
 			}
 		}
 	}
 
+	/* The code reached here and found no available IDs in the range */
+	fprintf (stderr,
+		_("%s: Can't get unique UID (no more available UIDs)\n"),
+		Prog);
+	SYSLOG ((LOG_WARN, "no more available UIDs on the system"));
 	free (used_uids);
-	*uid = user_id;
-	return 0;
+	return -1;
 }
 

libmisc/gettime.c

@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2017, Chris Lamb
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ *    endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include "defines.h"
+#include "prototypes.h"
+
+/*
+ * gettime() returns the time as the number of seconds since the Epoch
+ *
+ * Like time(), gettime() returns the time as the number of seconds since the
+ * Epoch, 1970-01-01 00:00:00 +0000 (UTC), except that if the SOURCE_DATE_EPOCH
+ * environment variable is exported it will use that instead.
+ */
+/*@observer@*/time_t gettime ()
+{
+	char *endptr;
+	char *source_date_epoch;
+	time_t fallback;
+	unsigned long long epoch;
+
+	fallback = time (NULL);
+	source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
+
+	if (!source_date_epoch)
+		return fallback;
+
+	errno = 0;
+	epoch = strtoull (source_date_epoch, &endptr, 10);
+	if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0))
+			|| (errno != 0 && epoch == 0)) {
+		fprintf (stderr,
+			 _("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),
+			 strerror(errno));
+	} else if (endptr == source_date_epoch) {
+		fprintf (stderr,
+			 _("Environment variable $SOURCE_DATE_EPOCH: No digits were found: %s\n"),
+			 endptr);
+	} else if (*endptr != '\0') {
+		fprintf (stderr,
+			 _("Environment variable $SOURCE_DATE_EPOCH: Trailing garbage: %s\n"),
+			 endptr);
+	} else if (epoch > ULONG_MAX) {
+		fprintf (stderr,
+			 _("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to %lu but was found to be: %llu\n"),
+			 ULONG_MAX, epoch);
+	} else if (epoch > fallback) {
+		fprintf (stderr,
+			 _("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to the current time (%lu) but was found to be: %llu\n"),
+			 fallback, epoch);
+	} else {
+		/* Valid */
+		return (time_t)epoch;
+	}
+
+	return fallback;
+}

libmisc/user_busy.c

@@ -170,6 +170,9 @@ static int user_busy_processes (const char *name, uid_t uid)
 	proc = opendir ("/proc");
 	if (proc == NULL) {
 		perror ("opendir /proc");
+#ifdef ENABLE_SUBIDS
+		sub_uid_close();
+#endif
 		return 0;
 	}
 	if (stat ("/", &sbroot) != 0) {

man/Makefile.am

@@ -215,5 +215,4 @@ $(man_MANS):
 	@echo "Error: you need to run configure with '--enable-man'"
 	@echo "       in order to regenerate man pages."
 	@echo ""
-	@false
 endif

man/generate_mans.mak

@@ -42,12 +42,11 @@ man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
 	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
 
 clean-local:
-	for d in man1 man3 man5 man8; do [ -d $$d ] && rmdir $$d; done
+	rm -rf man1 man3 man5 man8
 
 else
 $(man_MANS):
 	@echo you need to run configure with --enable-man to generate man pages
-	@false
 endif
 
 man8/grpconv.8 man8/grpunconv.8 man8/pwunconv.8: man8/pwconv.8

man/generate_translations.mak

@@ -14,7 +14,6 @@ include ../generate_mans.mak
 else
 $(man_MANS):
 	@echo you need to run configure with --enable-man to generate man pages
-	@false
 endif
 
 CLEANFILES = .xml2po.mo $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml

man/po/da.po

@@ -1023,7 +1023,7 @@ msgstr ""
 #| "<option>-f</option>, <option>--inactive</option>&nbsp;"
 #| "<replaceable>INACTIVE</replaceable>"
 msgid ""
-"<option>-v</option>, <option>--add-sub-uids</option>&nbsp;"
+"<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-f</option>, <option>--inactive</option>&nbsp;<replaceable>INAKTIV</"
@@ -1052,7 +1052,7 @@ msgstr ""
 #| "<option>-e</option>, <option>--expiredate</option>&nbsp;"
 #| "<replaceable>EXPIRE_DATE</replaceable>"
 msgid ""
-"<option>-V</option>, <option>--del-sub-uids</option>&nbsp;"
+"<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-e</option>, <option>--expiredate</option>&nbsp;"
@@ -1065,8 +1065,8 @@ msgstr ""
 #: usermod.8.xml:409(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-uids</option> and <option>--add-"
-"sub-uids</option> are specified, the removal of all subordinate uid ranges "
+"users account. When both <option>--del-subuids</option> and <option>--add-"
+"subuids</option> are specified, the removal of all subordinate uid ranges "
 "happens before any subordinate uid range is added."
 msgstr ""
 
@@ -1076,7 +1076,7 @@ msgstr ""
 #| "<option>-f</option>, <option>--inactive</option>&nbsp;"
 #| "<replaceable>INACTIVE</replaceable>"
 msgid ""
-"<option>-w</option>, <option>--add-sub-gids</option>&nbsp;"
+"<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-f</option>, <option>--inactive</option>&nbsp;<replaceable>INAKTIV</"
@@ -1099,7 +1099,7 @@ msgstr ""
 #| "<option>-e</option>, <option>--expiredate</option>&nbsp;"
 #| "<replaceable>EXPIRE_DATE</replaceable>"
 msgid ""
-"<option>-W</option>, <option>--del-sub-gids</option>&nbsp;"
+"<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-e</option>, <option>--expiredate</option>&nbsp;"
@@ -1112,8 +1112,8 @@ msgstr ""
 #: usermod.8.xml:447(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-gids</option> and <option>--add-"
-"sub-gids</option> are specified, the removal of all subordinate gid ranges "
+"users account. When both <option>--del-subgids</option> and <option>--add-"
+"subgids</option> are specified, the removal of all subordinate gid ranges "
 "happens before any subordinate gid range is added."
 msgstr ""
 

man/po/de.po

@@ -1092,7 +1092,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-v</option>, <option>--add-sub-uids</option>&nbsp;"
+"<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1129,7 +1129,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-V</option>, <option>--del-sub-uids</option>&nbsp;"
+"<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1142,8 +1142,8 @@ msgstr ""
 #: usermod.8.xml:409(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-uids</option> and <option>--add-"
-"sub-uids</option> are specified, the removal of all subordinate uid ranges "
+"users account. When both <option>--del-subuids</option> and <option>--add-"
+"subuids</option> are specified, the removal of all subordinate uid ranges "
 "happens before any subordinate uid range is added."
 msgstr ""
 
@@ -1153,7 +1153,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-w</option>, <option>--add-sub-gids</option>&nbsp;"
+"<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1184,7 +1184,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-W</option>, <option>--del-sub-gids</option>&nbsp;"
+"<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1201,8 +1201,8 @@ msgstr ""
 #: usermod.8.xml:447(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-gids</option> and <option>--add-"
-"sub-gids</option> are specified, the removal of all subordinate gid ranges "
+"users account. When both <option>--del-subgids</option> and <option>--add-"
+"subgids</option> are specified, the removal of all subordinate gid ranges "
 "happens before any subordinate gid range is added."
 msgstr ""
 
@@ -3087,7 +3087,7 @@ msgstr "5"
 #: limits.5.xml:61(refmiscinfo) gshadow.5.xml:48(refmiscinfo)
 #: faillog.5.xml:59(refmiscinfo)
 msgid "File Formats and Conversions"
-msgstr "Dateiformate und -konvertierung"
+msgstr "Dateiformate und konvertierung"
 
 #: suauth.5.xml:65(refpurpose)
 msgid "detailed su control file"
@@ -4370,7 +4370,7 @@ msgstr ""
 
 #: shadow.5.xml:235(para)
 msgid "An empty field means that the account will never expire."
-msgstr "Ein leeren Feld bedeutet, dass das Konto nicht verfallen wird."
+msgstr "Ein leeres Feld bedeutet, dass das Konto nicht verfallen wird."
 
 #: shadow.5.xml:238(para)
 msgid ""
@@ -6961,7 +6961,7 @@ msgid ""
 "contents of this file should be a message indicating why logins are "
 "inhibited."
 msgstr ""
-"Falls angegeben, der Name einer Datei, dessen Existenz Anmeldungen außer von "
+"Falls angegeben, der Name einer Datei, deren Existenz Anmeldungen außer von "
 "Root verhindert. Der Inhalt der Datei sollte die Gründe enthalten, weshalb "
 "Anmeldungen untersagt sind."
 

man/po/fr.po

@@ -1110,7 +1110,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-v</option>, <option>--add-sub-uids</option>&nbsp;"
+"<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1147,7 +1147,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-V</option>, <option>--del-sub-uids</option>&nbsp;"
+"<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1160,8 +1160,8 @@ msgstr ""
 #: usermod.8.xml:409(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-uids</option> and <option>--add-"
-"sub-uids</option> are specified, the removal of all subordinate uid ranges "
+"users account. When both <option>--del-subuids</option> and <option>--add-"
+"subuids</option> are specified, the removal of all subordinate uid ranges "
 "happens before any subordinate uid range is added."
 msgstr ""
 
@@ -1171,7 +1171,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-w</option>, <option>--add-sub-gids</option>&nbsp;"
+"<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1202,7 +1202,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-W</option>, <option>--del-sub-gids</option>&nbsp;"
+"<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1219,8 +1219,8 @@ msgstr ""
 #: usermod.8.xml:447(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-gids</option> and <option>--add-"
-"sub-gids</option> are specified, the removal of all subordinate gid ranges "
+"users account. When both <option>--del-subgids</option> and <option>--add-"
+"subgids</option> are specified, the removal of all subordinate gid ranges "
 "happens before any subordinate gid range is added."
 msgstr ""
 

man/po/it.po

@@ -1151,7 +1151,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-v</option>, <option>--add-sub-uids</option>&nbsp;"
+"<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1189,7 +1189,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-V</option>, <option>--del-sub-uids</option>&nbsp;"
+"<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1202,8 +1202,8 @@ msgstr ""
 #: usermod.8.xml:409(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-uids</option> and <option>--add-"
-"sub-uids</option> are specified, the removal of all subordinate uid ranges "
+"users account. When both <option>--del-subuids</option> and <option>--add-"
+"subuids</option> are specified, the removal of all subordinate uid ranges "
 "happens before any subordinate uid range is added."
 msgstr ""
 
@@ -1214,7 +1214,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-w</option>, <option>--add-sub-gids</option>&nbsp;"
+"<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1247,7 +1247,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-W</option>, <option>--del-sub-gids</option>&nbsp;"
+"<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1262,8 +1262,8 @@ msgstr "Rimuove tutti gli utenti SELinux assegnati al login utente."
 #: usermod.8.xml:447(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-gids</option> and <option>--add-"
-"sub-gids</option> are specified, the removal of all subordinate gid ranges "
+"users account. When both <option>--del-subgids</option> and <option>--add-"
+"subgids</option> are specified, the removal of all subordinate gid ranges "
 "happens before any subordinate gid range is added."
 msgstr ""
 

man/po/pl.po

@@ -1088,7 +1088,7 @@ msgstr ""
 #| "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</"
 #| "replaceable>=<replaceable>VALUE</replaceable>"
 msgid ""
-"<option>-v</option>, <option>--add-sub-uids</option>&nbsp;"
+"<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KLUCZ</"
@@ -1117,7 +1117,7 @@ msgstr ""
 #| "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</"
 #| "replaceable>=<replaceable>VALUE</replaceable>"
 msgid ""
-"<option>-V</option>, <option>--del-sub-uids</option>&nbsp;"
+"<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KLUCZ</"
@@ -1130,8 +1130,8 @@ msgstr ""
 #: usermod.8.xml:409(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-uids</option> and <option>--add-"
-"sub-uids</option> are specified, the removal of all subordinate uid ranges "
+"users account. When both <option>--del-subuids</option> and <option>--add-"
+"subuids</option> are specified, the removal of all subordinate uid ranges "
 "happens before any subordinate uid range is added."
 msgstr ""
 
@@ -1141,7 +1141,7 @@ msgstr ""
 #| "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</"
 #| "replaceable>=<replaceable>VALUE</replaceable>"
 msgid ""
-"<option>-w</option>, <option>--add-sub-gids</option>&nbsp;"
+"<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KLUCZ</"
@@ -1164,7 +1164,7 @@ msgstr ""
 #| "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</"
 #| "replaceable>=<replaceable>VALUE</replaceable>"
 msgid ""
-"<option>-W</option>, <option>--del-sub-gids</option>&nbsp;"
+"<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KLUCZ</"
@@ -1177,8 +1177,8 @@ msgstr ""
 #: usermod.8.xml:447(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-gids</option> and <option>--add-"
-"sub-gids</option> are specified, the removal of all subordinate gid ranges "
+"users account. When both <option>--del-subgids</option> and <option>--add-"
+"subgids</option> are specified, the removal of all subordinate gid ranges "
 "happens before any subordinate gid range is added."
 msgstr ""
 

man/po/ru.po

@@ -1133,7 +1133,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-v</option>, <option>--add-sub-uids</option>&nbsp;"
+"<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>УЧЁТНАЯ "
@@ -1170,7 +1170,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-V</option>, <option>--del-sub-uids</option>&nbsp;"
+"<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>УЧЁТНАЯ "
@@ -1183,8 +1183,8 @@ msgstr ""
 #: usermod.8.xml:409(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-uids</option> and <option>--add-"
-"sub-uids</option> are specified, the removal of all subordinate uid ranges "
+"users account. When both <option>--del-subuids</option> and <option>--add-"
+"subuids</option> are specified, the removal of all subordinate uid ranges "
 "happens before any subordinate uid range is added."
 msgstr ""
 
@@ -1194,7 +1194,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-w</option>, <option>--add-sub-gids</option>&nbsp;"
+"<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>УЧЁТНАЯ "
@@ -1225,7 +1225,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-W</option>, <option>--del-sub-gids</option>&nbsp;"
+"<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>УЧЁТНАЯ "
@@ -1242,8 +1242,8 @@ msgstr ""
 #: usermod.8.xml:447(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-gids</option> and <option>--add-"
-"sub-gids</option> are specified, the removal of all subordinate gid ranges "
+"users account. When both <option>--del-subgids</option> and <option>--add-"
+"subgids</option> are specified, the removal of all subordinate gid ranges "
 "happens before any subordinate gid range is added."
 msgstr ""
 

man/po/shadow-man-pages.pot

@@ -458,7 +458,7 @@ msgid "Note: if you wish to unlock the account (not only access with a password)
 msgstr ""
 
 #: usermod.8.xml:384(term)
-msgid "<option>-v</option>, <option>--add-sub-uids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
+msgid "<option>-v</option>, <option>--add-subuids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 
 #: usermod.8.xml:388(para)
@@ -474,7 +474,7 @@ msgid "No checks will be performed with regard to <option>SUB_UID_MIN</option>,
 msgstr ""
 
 #: usermod.8.xml:402(term)
-msgid "<option>-V</option>, <option>--del-sub-uids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
+msgid "<option>-V</option>, <option>--del-subuids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 
 #: usermod.8.xml:406(para)
@@ -482,11 +482,11 @@ msgid "Remove a range of subordinate uids from the user's account."
 msgstr ""
 
 #: usermod.8.xml:409(para)
-msgid "This option may be specified multiple times to remove multiple ranges to a users account. When both <option>--del-sub-uids</option> and <option>--add-sub-uids</option> are specified, the removal of all subordinate uid ranges happens before any subordinate uid range is added."
+msgid "This option may be specified multiple times to remove multiple ranges to a users account. When both <option>--del-subuids</option> and <option>--add-subuids</option> are specified, the removal of all subordinate uid ranges happens before any subordinate uid range is added."
 msgstr ""
 
 #: usermod.8.xml:422(term)
-msgid "<option>-w</option>, <option>--add-sub-gids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
+msgid "<option>-w</option>, <option>--add-subgids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 
 #: usermod.8.xml:426(para)
@@ -498,7 +498,7 @@ msgid "No checks will be performed with regard to <option>SUB_GID_MIN</option>,
 msgstr ""
 
 #: usermod.8.xml:440(term)
-msgid "<option>-W</option>, <option>--del-sub-gids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
+msgid "<option>-W</option>, <option>--del-subgids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 
 #: usermod.8.xml:444(para)
@@ -506,7 +506,7 @@ msgid "Remove a range of subordinate gids from the user's account."
 msgstr ""
 
 #: usermod.8.xml:447(para)
-msgid "This option may be specified multiple times to remove multiple ranges to a users account. When both <option>--del-sub-gids</option> and <option>--add-sub-gids</option> are specified, the removal of all subordinate gid ranges happens before any subordinate gid range is added."
+msgid "This option may be specified multiple times to remove multiple ranges to a users account. When both <option>--del-subgids</option> and <option>--add-subgids</option> are specified, the removal of all subordinate gid ranges happens before any subordinate gid range is added."
 msgstr ""
 
 #: usermod.8.xml:460(term) useradd.8.xml:506(term)

man/po/sv.po

@@ -1062,7 +1062,7 @@ msgstr ""
 #| "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</"
 #| "replaceable>=<replaceable>VALUE</replaceable>"
 msgid ""
-"<option>-v</option>, <option>--add-sub-uids</option>&nbsp;"
+"<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>NYCKEL</"
@@ -1091,7 +1091,7 @@ msgstr ""
 #| "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</"
 #| "replaceable>=<replaceable>VALUE</replaceable>"
 msgid ""
-"<option>-V</option>, <option>--del-sub-uids</option>&nbsp;"
+"<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>NYCKEL</"
@@ -1104,8 +1104,8 @@ msgstr ""
 #: usermod.8.xml:409(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-uids</option> and <option>--add-"
-"sub-uids</option> are specified, the removal of all subordinate uid ranges "
+"users account. When both <option>--del-subuids</option> and <option>--add-"
+"subuids</option> are specified, the removal of all subordinate uid ranges "
 "happens before any subordinate uid range is added."
 msgstr ""
 
@@ -1115,7 +1115,7 @@ msgstr ""
 #| "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</"
 #| "replaceable>=<replaceable>VALUE</replaceable>"
 msgid ""
-"<option>-w</option>, <option>--add-sub-gids</option>&nbsp;"
+"<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>NYCKEL</"
@@ -1138,7 +1138,7 @@ msgstr ""
 #| "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>KEY</"
 #| "replaceable>=<replaceable>VALUE</replaceable>"
 msgid ""
-"<option>-W</option>, <option>--del-sub-gids</option>&nbsp;"
+"<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-K</option>, <option>--key</option>&nbsp;<replaceable>NYCKEL</"
@@ -1151,8 +1151,8 @@ msgstr ""
 #: usermod.8.xml:447(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-gids</option> and <option>--add-"
-"sub-gids</option> are specified, the removal of all subordinate gid ranges "
+"users account. When both <option>--del-subgids</option> and <option>--add-"
+"subgids</option> are specified, the removal of all subordinate gid ranges "
 "happens before any subordinate gid range is added."
 msgstr ""
 

man/po/zh_CN.po

@@ -1043,7 +1043,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-v</option>, <option>--add-sub-uids</option>&nbsp;"
+"<option>-v</option>, <option>--add-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1080,7 +1080,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-V</option>, <option>--del-sub-uids</option>&nbsp;"
+"<option>-V</option>, <option>--del-subuids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1093,8 +1093,8 @@ msgstr ""
 #: usermod.8.xml:409(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-uids</option> and <option>--add-"
-"sub-uids</option> are specified, the removal of all subordinate uid ranges "
+"users account. When both <option>--del-subuids</option> and <option>--add-"
+"subuids</option> are specified, the removal of all subordinate uid ranges "
 "happens before any subordinate uid range is added."
 msgstr ""
 
@@ -1104,7 +1104,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-w</option>, <option>--add-sub-gids</option>&nbsp;"
+"<option>-w</option>, <option>--add-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1136,7 +1136,7 @@ msgstr ""
 #| "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
 #| "replaceable>|<replaceable>RANGE</replaceable>"
 msgid ""
-"<option>-W</option>, <option>--del-sub-gids</option>&nbsp;"
+"<option>-W</option>, <option>--del-subgids</option>&nbsp;"
 "<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
 msgstr ""
 "<option>-u</option>, <option>--user</option>&nbsp;<replaceable>LOGIN</"
@@ -1151,8 +1151,8 @@ msgstr "移除用户登录的所有 SELinux 用户映射。"
 #: usermod.8.xml:447(para)
 msgid ""
 "This option may be specified multiple times to remove multiple ranges to a "
-"users account. When both <option>--del-sub-gids</option> and <option>--add-"
-"sub-gids</option> are specified, the removal of all subordinate gid ranges "
+"users account. When both <option>--del-subgids</option> and <option>--add-"
+"subgids</option> are specified, the removal of all subordinate gid ranges "
 "happens before any subordinate gid range is added."
 msgstr ""
 

man/usermod.8.xml

@@ -382,7 +382,7 @@
       </varlistentry>
       <varlistentry condition="subids">
 	<term>
-	  <option>-v</option>, <option>--add-sub-uids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
+	  <option>-v</option>, <option>--add-subuids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
 	</term>
 	<listitem>
 	  <para>
@@ -400,7 +400,7 @@
       </varlistentry>
       <varlistentry condition="subids">
 	<term>
-	  <option>-V</option>, <option>--del-sub-uids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
+	  <option>-V</option>, <option>--del-subuids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
 	</term>
 	<listitem>
 	  <para>
@@ -408,7 +408,7 @@
 	  </para>
 	  <para>
 	    This option may be specified multiple times to remove multiple ranges to a users account.
-	    When both <option>--del-sub-uids</option> and <option>--add-sub-uids</option> are specified,
+	    When both <option>--del-subuids</option> and <option>--add-subuids</option> are specified,
 	    the removal of all subordinate uid ranges happens before any subordinate uid range is added.
 	  </para>
 	  <para>
@@ -420,7 +420,7 @@
       </varlistentry>
       <varlistentry condition="subids">
 	<term>
-	  <option>-w</option>, <option>--add-sub-gids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
+	  <option>-w</option>, <option>--add-subgids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
 	</term>
 	<listitem>
 	  <para>
@@ -438,7 +438,7 @@
       </varlistentry>
       <varlistentry condition="subids">
 	<term>
-	  <option>-W</option>, <option>--del-sub-gids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
+	  <option>-W</option>, <option>--del-subgids</option>&nbsp;<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
 	</term>
 	<listitem>
 	  <para>
@@ -446,7 +446,7 @@
 	  </para>
 	  <para>
 	    This option may be specified multiple times to remove multiple ranges to a users account.
-	    When both <option>--del-sub-gids</option> and <option>--add-sub-gids</option> are specified,
+	    When both <option>--del-subgids</option> and <option>--add-subgids</option> are specified,
 	    the removal of all subordinate gid ranges happens before any subordinate gid range is added.
 	  </para>
 	  <para>

po/kk.po

@@ -1,21 +1,22 @@
 # shadowutils to kazakh.
 # Copyright (C) 2009 Free Software Foundation, Inc.
 # This file is distributed under the same license as the PACKAGE package.
-# Baurzhan Muftakhidinov <baurthefirst@gmail.com>, 2009-2012.
+# Baurzhan Muftakhidinov <baurthefirst@gmail.com>, 2009-2017.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: shadowutils\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
 "POT-Creation-Date: 2016-09-18 14:03-0500\n"
-"PO-Revision-Date: 2012-01-20 21:16+0600\n"
+"PO-Revision-Date: 2017-02-07 17:09+0500\n"
 "Last-Translator: Baurzhan Muftakhidinov <baurthefirst@gmail.com>\n"
 "Language-Team: Kazakh <kk_KZ@googlegroups.com>\n"
 "Language: kk\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=1; plural=0\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Poedit 1.8.11\n"
 
 #, c-format
 msgid ""
@@ -43,10 +44,9 @@ msgstr "баптау қатесі - белгісіз элемент '%s' (адм
 msgid "%s: nscd did not terminate normally (signal %d)\n"
 msgstr "%s: nscd өз жұмысын дұрыс аяқтаған жоқ (%d сигналымен)\n"
 
-#, fuzzy, c-format
-#| msgid "%s: nscd exited with status %d"
+#, c-format
 msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd %d статуспен жұмысын өз аяқтады"
+msgstr "%s: nscd %d қалып-күймен өз жұмысын аяқтады\n"
 
 msgid "Password: "
 msgstr "Пароль: "
@@ -417,10 +417,9 @@ msgstr "%s: '%s' chroot жолы қате\n"
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: %s chroot бумасына қатынау мүмкін емес: %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: cannot access chroot directory %s: %s\n"
+#, c-format
 msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: %s chroot бумасына қатынау мүмкін емес: %s\n"
+msgstr "%s: %s chroot бумасына өту (chdir) мүмкін емес: %s\n"
 
 #, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
@@ -785,10 +784,10 @@ msgstr "%s: жол %d: жол өте ұзын\n"
 msgid "%s: line %d: missing new password\n"
 msgstr "%s: жол %d: жаңа пароль жоқ\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: Failed to write %s: %s\n"
 msgid "%s: failed to crypt password with salt '%s': %s\n"
-msgstr "%s: %s жазу сәтсіз: %s\n"
+msgstr "%s: парольді '%s' тұзымен шифрлеу сәтсіз аяқталды: %s\n"
 
 #, c-format
 msgid "%s: line %d: group '%s' does not exist\n"
@@ -1096,13 +1095,14 @@ msgstr "%s: GID '%lu' бар болып тұр\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: Тазарту қызметін орнату мүмкін емес.\n"
 
-#, fuzzy
 #| msgid ""
 #| "  -r, --reset                   reset the counters of login failures\n"
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
 "of a user\n"
-msgstr "  -r, --reset                   сәтсіз кіру талап санағышын нөлдеу\n"
+msgstr ""
+"  -f, --force                   топты өшіру, егер ол пайдаланушының "
+"біріншілік тобы болса да\n"
 
 #, c-format
 msgid "%s: cannot remove entry '%s' from %s\n"
@@ -1330,25 +1330,23 @@ msgstr ""
 "  -b, --before КҮН              мерзімі КҮНнен үлкен ғана lastlog жазбаларын "
 "көрсету\n"
 
-#, fuzzy
 #| msgid ""
 #| "  -a, --all                     display faillog records for all users\n"
 msgid ""
 "  -C, --clear                   clear lastlog record of an user (usable only "
 "with -u)\n"
 msgstr ""
-"  -a, --all                     барлық пайдаланушылар үшін faillog "
-"жазбаларын көрсету\n"
+"  -C, --clear                   пайдаланушының lastlog жазбасын тазарту (тек "
+"-u опциясымен бірге пайдаланылады)\n"
 
-#, fuzzy
 #| msgid ""
 #| "  -a, --all                     display faillog records for all users\n"
 msgid ""
 "  -S, --set                     set lastlog record to current time (usable "
 "only with -u)\n"
 msgstr ""
-"  -a, --all                     барлық пайдаланушылар үшін faillog "
-"жазбаларын көрсету\n"
+"  -S, --set                     lastlog жазбасын ағымдағы уақытқа орнату "
+"(тек -u опциясымен бірге пайдаланылады)\n"
 
 msgid ""
 "  -t, --time DAYS               print only lastlog records more recent than "
@@ -1372,23 +1370,22 @@ msgstr "Пайдаланушы             Порт     Соңғы"
 msgid "**Never logged in**"
 msgstr "**Жүйеге ешқашан кірмеген**"
 
-#, fuzzy, c-format
-#| msgid "%s: Failed to get the entry for UID %lu\n"
+#, c-format
 msgid "%s: Failed to update the entry for UID %lu\n"
-msgstr "%s: UID %lu үшін жазбаны алу мүмкін емес\n"
+msgstr "%s: UID %lu үшін жазбаны жаңарту сәтсіз аяқталды\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
+#, c-format
 msgid "%s: Failed to update the lastlog file\n"
-msgstr "%s: %lu UID-і үшін lastlog жазбасын нөлдеу сәтсіз: %s\n"
+msgstr "%s: lastlog файлын жаңарту сәтсіз аяқталды\n"
 
 #, c-format
 msgid "%s: Option -C cannot be used together with option -S\n"
-msgstr ""
+msgstr "%s: -C опциясын -S опциясымен бірге қолдануға болмайды\n"
 
 #, c-format
 msgid "%s: Options -C and -S require option -u to specify the user\n"
 msgstr ""
+"%s: -C және -S опциялары пайдаланушыны көрсету үшін -u опциясын талап етеді\n"
 
 #, c-format
 msgid "Usage: %s [-p] [name]\n"
@@ -1513,10 +1510,10 @@ msgstr "Қолданылуы: newgrp [-] [топ]\n"
 msgid "Usage: sg group [[-c] command]\n"
 msgstr "Қолданылуы: sg топ [[-c] командасы]\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: Failed to write %s: %s\n"
 msgid "%s: failed to crypt password with previous salt: %s\n"
-msgstr "%s: %s жазу сәтсіз: %s\n"
+msgstr "%s: парольді алдыңғы тұзбен шифрлеу сәтсіз аяқталды: %s\n"
 
 msgid "Invalid password.\n"
 msgstr "пароль қате.\n"
@@ -1585,20 +1582,18 @@ msgstr "%s: жол %d: chown %s сәтсіз: %s\n"
 msgid "%s: line %d: can't update entry\n"
 msgstr "%s: жол %d: жазбаны жаңарту мүмкін емес\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to prepare the new %s entry '%s'\n"
+#, c-format
 msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: жаңа %s '%s' жазбаны дайындау мүмкін емес\n"
+msgstr "%s: жаңа %s жазбасын дайындау сәтсіз аяқталды\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: can't create user\n"
 msgid "%s: can't find subordinate user range\n"
-msgstr "%s: пайдаланушыны жасау мүмкін емес\n"
+msgstr "%s: бағынышты пайдаланушы ауқымын табу мүмкін емес\n"
 
-#, fuzzy, c-format
-#| msgid "%s: can't create group\n"
+#, c-format
 msgid "%s: can't find subordinate group range\n"
-msgstr "%s: топты құру мүмкін емес\n"
+msgstr "%s: бағынышты топ ауқымын табу мүмкін емес\n"
 
 msgid ""
 "  -a, --all                     report password status on all accounts\n"
@@ -2010,10 +2005,10 @@ msgstr "%s: жаңа defaults файлын ашу мүмкін емес\n"
 msgid "%s: line too long in %s: %s..."
 msgstr "%s: %s ішіндегі жол тым ұзын: %s..."
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: Cannot create symbolic link %s: %s\n"
 msgid "%s: Cannot create backup file (%s): %s\n"
-msgstr "%s: %s символдық сілтемесін жасау мүмкін емес: %s\n"
+msgstr "%s: Қор көшірме файлын жасау мүмкін емес (%s): %s\n"
 
 #, c-format
 msgid "%s: rename: %s: %s\n"
@@ -2176,10 +2171,9 @@ msgstr "%s: %lu UID-і үшін faillog жазбасын нөлдеу сәтсі
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s: %lu UID-і үшін lastlog жазбасын нөлдеу сәтсіз: %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to prepare the new %s entry '%s'\n"
+#, c-format
 msgid "%s: failed to prepare the new %s entry\n"
-msgstr "%s: жаңа %s '%s' жазбаны дайындау мүмкін емес\n"
+msgstr "%s: жаңа %s жазбасын дайындау сәтсіз аяқталды\n"
 
 #, c-format
 msgid "%s: cannot create directory %s\n"
@@ -2223,15 +2217,14 @@ msgstr "%s: %s үшін tcb бумасын жасау мүмкін емес\n"
 msgid "%s: can't create group\n"
 msgstr "%s: топты құру мүмкін емес\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: can't create user\n"
 msgid "%s: can't create subordinate user IDs\n"
-msgstr "%s: пайдаланушыны жасау мүмкін емес\n"
+msgstr "%s: бағынышты пайдаланушы ID-ын жасау мүмкін емес\n"
 
-#, fuzzy, c-format
-#| msgid "%s: can't create group\n"
+#, c-format
 msgid "%s: can't create subordinate group IDs\n"
-msgstr "%s: топты құру мүмкін емес\n"
+msgstr "%s: бағынышты топ ID-ын жасау мүмкін емес\n"
 
 #, c-format
 msgid ""
@@ -2277,10 +2270,9 @@ msgstr ""
 "%s: %s тобын өшіру мүмкін емес, ол басқа пайдаланушы үшін басыңқы топ болып "
 "табылады.\n"
 
-#, fuzzy, c-format
-#| msgid "%s: cannot remove entry '%s' from %s\n"
+#, c-format
 msgid "%s: cannot remove entry %lu from %s\n"
-msgstr "%s: '%s' жазбасын %s ішінен өшіру мүмкін емес\n"
+msgstr "%s: %lu жазбасын %s ішінен өшіру мүмкін емес\n"
 
 #, c-format
 msgid "%s: %s mail spool (%s) not found\n"
@@ -2407,16 +2399,16 @@ msgstr ""
 "  -U, --unlock                  пайдаланушы тіркелгісін оқшаулаудан босату\n"
 
 msgid "  -v, --add-subuids FIRST-LAST  add range of subordinate uids\n"
-msgstr ""
+msgstr "  -v, --add-subuids БІРІНШІ-СОҢҒЫ  бағынышты uid-тар ауқымын қосу\n"
 
 msgid "  -V, --del-subuids FIRST-LAST  remove range of subordinate uids\n"
-msgstr ""
+msgstr "  -V, --del-subuids БІРІНШІ-СОҢҒЫ  бағынышты uid-тар ауқымын өшіру\n"
 
 msgid "  -w, --add-subgids FIRST-LAST  add range of subordinate gids\n"
-msgstr ""
+msgstr "  -w, --add-subgids БІРІНШІ-СОҢҒЫ  бағынышты gid-тар ауқымын қосу\n"
 
 msgid "  -W, --del-subgids FIRST-LAST  remove range of subordinate gids\n"
-msgstr ""
+msgstr "  -W, --del-subgids БІРІНШІ-СОҢҒЫ  бағынышты gid-тар ауқымын өшіру\n"
 
 msgid ""
 "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
@@ -2437,15 +2429,14 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: '%s' пайдаланушысы %s ішінде бар болып тұр\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: invalid date '%s'\n"
 msgid "%s: invalid subordinate uid range '%s'\n"
-msgstr "%s: '%s' күні қате\n"
+msgstr "%s: жарамсыз бағынышты uid ауқымы '%s'\n"
 
-#, fuzzy, c-format
-#| msgid "%s: invalid date '%s'\n"
+#, c-format
 msgid "%s: invalid subordinate gid range '%s'\n"
-msgstr "%s: '%s' күні қате\n"
+msgstr "%s: жарамсыз бағынышты gid ауқымы '%s'\n"
 
 #, c-format
 msgid "%s: no options\n"
@@ -2463,10 +2454,10 @@ msgstr "%s: -e пен -f үшін көлеңкелі парольдер кере
 msgid "%s: UID '%lu' already exists\n"
 msgstr "%s: '%lu' UID-і бар болып тұр\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: %s does not exist, you cannot use the flags %s or %s\n"
-msgstr "%s: %s пайдаланушының %s үшін паролді өзгертуге құқығы жоқ\n"
+msgstr "%s: %s жоқ болып тұр, %s немесе %s жалаушаларын қолдануға болмайды\n"
 
 #, c-format
 msgid "%s: directory %s exists\n"
@@ -2512,25 +2503,22 @@ msgstr "mailbox иесін ауыстыру қатемен аяқталды"
 msgid "failed to rename mailbox"
 msgstr "mailbox атын ауыстыру қатемен аяқталды"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: failed to prepare the new %s entry '%s'\n"
 msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
-msgstr "%s: жаңа %s '%s' жазбаны дайындау мүмкін емес\n"
+msgstr "%s: %lu-%lu uid-тар ауқымын '%s' ішінен өшіру сәтсіз аяқталды\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to prepare the new %s entry '%s'\n"
+#, c-format
 msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
-msgstr "%s: жаңа %s '%s' жазбаны дайындау мүмкін емес\n"
+msgstr "%s: %lu-%lu uid ауқымын '%s' ішіне қосу сәтсіз аяқталды\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to prepare the new %s entry '%s'\n"
+#, c-format
 msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
-msgstr "%s: жаңа %s '%s' жазбаны дайындау мүмкін емес\n"
+msgstr "%s: %lu-%lu gid-тар ауқымын '%s' ішінен өшіру сәтсіз аяқталды\n"
 
-#, fuzzy, c-format
-#| msgid "%s: failed to prepare the new %s entry '%s'\n"
+#, c-format
 msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
-msgstr "%s: жаңа %s '%s' жазбаны дайындау мүмкін емес\n"
+msgstr "%s: %lu-%lu gid ауқымын '%s' ішіне қосу сәтсіз аяқталды\n"
 
 #, c-format
 msgid ""
@@ -2585,19 +2573,18 @@ msgstr "Файлды оқшаулау мүмкін емес"
 msgid "Couldn't make backup"
 msgstr "Қор көшірмені жасау мүмкін емес"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: PAM: %s\n"
 msgid "%s: %s: %s\n"
-msgstr "%s: PAM: %s\n"
+msgstr "%s: %s: %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s: nscd exited with status %d"
+#, c-format
 msgid "%s: %s returned with status %d\n"
-msgstr "%s: nscd %d статуспен жұмысын өз аяқтады"
+msgstr "%s: %s %d қалып-күймен өз жұмысын аяқтады\n"
 
 #, c-format
 msgid "%s: %s killed by signal %d\n"
-msgstr ""
+msgstr "%s: %s %d сигналымен тоқтатылды\n"
 
 msgid "failed to open scratch file"
 msgstr "scratch файлын ашу сәтсіз"

po/nb.po

@@ -7,12 +7,13 @@
 # Bjørn Steensrud <bjornst@powertech.no>, 2006.
 # Bjørn Steensrud <bjornst@skogkatt.homelinux.org>, 2009, 2012.
 # Hans Fredrik Nordhaug <hans@nordhaug.priv.no>, 2012.
+# Lars Bahner <bahner@debian.org>, 2015
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.0.17\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
 "POT-Creation-Date: 2016-09-18 14:03-0500\n"
-"PO-Revision-Date: 2012-01-18 17:19+0100\n"
+"PO-Revision-Date: 2015-09-30 18:15+0100\n"
 "Last-Translator: Bjørn Steensrud <bjornst@skogkatt.homelinux.org>\n"
 "Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
 "Language: nb\n"
@@ -20,7 +21,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Lokalize 1.2\n"
+"X-Generator: Poedit 1.7.5\n"
 
 #, c-format
 msgid ""
@@ -48,10 +49,9 @@ msgstr "feil med oppsettet - ukjent element «%s» (kontakt administrator)\n"
 msgid "%s: nscd did not terminate normally (signal %d)\n"
 msgstr "%s: nscd avsluttet ikke normallt (signal %d)\n"
 
-#, fuzzy, c-format
-#| msgid "%s: nscd exited with status %d"
+#, c-format
 msgid "%s: nscd exited with status %d\n"
-msgstr "%s: nscd avsluttet med status %d"
+msgstr "%s: nscd avsluttet med status %d\n"
 
 msgid "Password: "
 msgstr "Passord: "
@@ -415,8 +415,9 @@ msgstr "passwd: %s\n"
 msgid "passwd: password unchanged\n"
 msgstr "passwd: passordet er uendret\n"
 
+#, fuzzy
 msgid "passwd: password updated successfully\n"
-msgstr "passwd: passorder ble oppdatert\n"
+msgstr "passwd: passordet ble oppdatert\n"
 
 #, c-format
 msgid "Incorrect password for %s.\n"

po/ru.po

@@ -5,20 +5,20 @@
 # Eugene Konev <ejka@imfi.kspu.ru>, 2004.
 # alyoshin.s@gmail.com <alyoshin.s@gmail.com>, 2008.
 # Yuri Kozlov <kozlov.y@gmail.com>, 2004, 2005, 2006, 2007, 2008.
-# Yuri Kozlov <yuray@komyakino.ru>, 2009, 2011, 2012.
+# Yuri Kozlov <yuray@komyakino.ru>, 2009, 2011, 2012, 2017.
 msgid ""
 msgstr ""
 "Project-Id-Version: shadow 4.1.5.1-1\n"
 "Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
 "POT-Creation-Date: 2016-09-18 14:03-0500\n"
-"PO-Revision-Date: 2013-07-29 10:42+0400\n"
+"PO-Revision-Date: 2017-03-05 11:14+0300\n"
 "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
 "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
 "Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 1.0\n"
+"X-Generator: Lokalize 2.0\n"
 "Plural-Forms:  nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
 
@@ -436,10 +436,10 @@ msgstr "%s: некорректное значение пути chroot «%s»\n"
 msgid "%s: cannot access chroot directory %s: %s\n"
 msgstr "%s: нет доступа к каталогу chroot %s: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: cannot access chroot directory %s: %s\n"
 msgid "%s: cannot chdir to chroot directory %s: %s\n"
-msgstr "%s: нет доступа к каталогу chroot %s: %s\n"
+msgstr "%s: не удалось выполнить chdir в chroot-каталог %s: %s\n"
 
 #, c-format
 msgid "%s: unable to chroot to directory %s: %s\n"
@@ -806,10 +806,10 @@ msgstr "%s: строка %d: слишком длинная строка\n"
 msgid "%s: line %d: missing new password\n"
 msgstr "%s: строка %d: отсутствует новый пароль\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: Failed to write %s: %s\n"
 msgid "%s: failed to crypt password with salt '%s': %s\n"
-msgstr "%s: не удалось записать %s: %s\n"
+msgstr "%s: не удалось зашифровать пароль с солью «%s»: %s\n"
 
 #, c-format
 msgid "%s: line %d: group '%s' does not exist\n"
@@ -1098,7 +1098,7 @@ msgstr ""
 "                                новой группы\n"
 
 msgid "  -r, --system                  create a system account\n"
-msgstr "  -r, --system                  создать системную учётную запись\n"
+msgstr "  -r, --system                  создавать системную группу\n"
 
 #, c-format
 msgid "%s: '%s' is not a valid group name\n"
@@ -1124,14 +1124,15 @@ msgstr "%s: GID «%lu» уже существует\n"
 msgid "%s: Cannot setup cleanup service.\n"
 msgstr "%s: не удалось настроить службу очистки.\n"
 
-#, fuzzy
 #| msgid ""
 #| "  -r, --reset                   reset the counters of login failures\n"
 msgid ""
 "  -f, --force                   delete group even if it is the primary group "
 "of a user\n"
 msgstr ""
-"  -r, --reset                   сбросить счётчик неудачных попыток входа\n"
+"  -f, --force                   удалить группу, даже если она является"
+" первичной\n"
+"                                группой пользователя\n"
 
 #, c-format
 msgid "%s: cannot remove entry '%s' from %s\n"
@@ -1357,25 +1358,23 @@ msgstr ""
 "  -b, --before ДНЕЙ             показать записи lastlog за последние ДНЕЙ "
 "дней\n"
 
-#, fuzzy
 #| msgid ""
 #| "  -a, --all                     display faillog records for all users\n"
 msgid ""
 "  -C, --clear                   clear lastlog record of an user (usable only "
 "with -u)\n"
 msgstr ""
-"  -a, --all                     показать записи faillog для всех "
-"пользователей\n"
+"  -C, --clear                   очистить запись lastlog пользователя\n"
+"                                (только вместе с -u)\n"
 
-#, fuzzy
 #| msgid ""
 #| "  -a, --all                     display faillog records for all users\n"
 msgid ""
 "  -S, --set                     set lastlog record to current time (usable "
 "only with -u)\n"
 msgstr ""
-"  -a, --all                     показать записи faillog для всех "
-"пользователей\n"
+"  -S, --set                     поставить в записи lastlog текущее время\n"
+"                                (только вместе с -u)\n"
 
 msgid ""
 "  -t, --time DAYS               print only lastlog records more recent than "
@@ -1399,23 +1398,24 @@ msgstr "Пользователь            Порт     Последний ра
 msgid "**Never logged in**"
 msgstr "**Никогда не входил в систему**"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: Failed to get the entry for UID %lu\n"
 msgid "%s: Failed to update the entry for UID %lu\n"
-msgstr "%s: не удалось получить запись для UID %lu\n"
+msgstr "%s: не удалось обновить запись для UID %lu\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgid "%s: Failed to update the lastlog file\n"
-msgstr "%s: не удалось сбросить запись в lastlog для UID %lu: %s\n"
+msgstr "%s: не удалось обновить файл lastlog\n"
 
 #, c-format
 msgid "%s: Option -C cannot be used together with option -S\n"
-msgstr ""
+msgstr "%s: параметр -C нельзя использовать вместе с параметром -S\n"
 
 #, c-format
 msgid "%s: Options -C and -S require option -u to specify the user\n"
 msgstr ""
+"%s: для параметров -C и -S требуется указать пользователя в параметре -u\n"
 
 #, c-format
 msgid "Usage: %s [-p] [name]\n"
@@ -1539,10 +1539,10 @@ msgstr "Использование: newgrp [-] [группа]\n"
 msgid "Usage: sg group [[-c] command]\n"
 msgstr "Использование: sg группа [[-c] команда]\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: Failed to write %s: %s\n"
 msgid "%s: failed to crypt password with previous salt: %s\n"
-msgstr "%s: не удалось записать %s: %s\n"
+msgstr "%s: не удалось зашифровать пароль с предыдущей солью: %s\n"
 
 msgid "Invalid password.\n"
 msgstr "Неправильный пароль.\n"
@@ -1612,20 +1612,20 @@ msgstr "%s: строка %d: вызов chown %s завершился неуда
 msgid "%s: line %d: can't update entry\n"
 msgstr "%s: строка %d: не удалось обновить запись\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: failed to prepare the new %s entry '%s'\n"
 msgid "%s: failed to prepare new %s entry\n"
-msgstr "%s: не удалось подготовить новую %s запись «%s»\n"
+msgstr "%s: не удалось подготовить новую %s запись\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: can't create user\n"
 msgid "%s: can't find subordinate user range\n"
-msgstr "%s: не удалось создать пользователя\n"
+msgstr "%s: не удалось найти подчинённый диапазон пользователей\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: can't create group\n"
 msgid "%s: can't find subordinate group range\n"
-msgstr "%s: не удалось создать группу\n"
+msgstr "%s: не удалось найти подчинённый диапазон групп\n"
 
 msgid ""
 "  -a, --all                     report password status on all accounts\n"
@@ -2219,10 +2219,10 @@ msgstr "%s: не удалось сбросить запись в faillog для
 msgid "%s: failed to reset the lastlog entry of UID %lu: %s\n"
 msgstr "%s: не удалось сбросить запись в lastlog для UID %lu: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: failed to prepare the new %s entry '%s'\n"
 msgid "%s: failed to prepare the new %s entry\n"
-msgstr "%s: не удалось подготовить новую %s запись «%s»\n"
+msgstr "%s: не удалось подготовить новую %s запись\n"
 
 #, c-format
 msgid "%s: cannot create directory %s\n"
@@ -2267,15 +2267,15 @@ msgstr "%s: не удалось создать tcb-каталог для %s\n"
 msgid "%s: can't create group\n"
 msgstr "%s: не удалось создать группу\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: can't create user\n"
 msgid "%s: can't create subordinate user IDs\n"
-msgstr "%s: не удалось создать пользователя\n"
+msgstr "%s: не удалось создать подчинённые пользовательские ID\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: can't create group\n"
 msgid "%s: can't create subordinate group IDs\n"
-msgstr "%s: не удалось создать группу\n"
+msgstr "%s: не удалось создать подчинённые групповые ID\n"
 
 #, c-format
 msgid ""
@@ -2325,10 +2325,10 @@ msgstr ""
 "%s: группа %s является первичной для другого пользователя и не может быть "
 "удалена.\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: cannot remove entry '%s' from %s\n"
 msgid "%s: cannot remove entry %lu from %s\n"
-msgstr "%s: не удалось удалить запись «%s» из %s\n"
+msgstr "%s: не удалось удалить запись %lu из %s\n"
 
 #, c-format
 msgid "%s: %s mail spool (%s) not found\n"
@@ -2452,16 +2452,16 @@ msgid "  -U, --unlock                  unlock the user account\n"
 msgstr "  -U, --unlock                  разблокировать учётную запись\n"
 
 msgid "  -v, --add-subuids FIRST-LAST  add range of subordinate uids\n"
-msgstr ""
+msgstr "  -v, --add-subuids ПЕРВ-ПОСЛ   добавить диапазон подчинённых uid\n"
 
 msgid "  -V, --del-subuids FIRST-LAST  remove range of subordinate uids\n"
-msgstr ""
+msgstr "  -V, --del-subuids ПЕРВ-ПОСЛ   удалить диапазон подчинённых uid\n"
 
 msgid "  -w, --add-subgids FIRST-LAST  add range of subordinate gids\n"
-msgstr ""
+msgstr "  -w, --add-subgids ПЕРВ-ПОСЛ   добавить диапазон подчинённых gid\n"
 
 msgid "  -W, --del-subgids FIRST-LAST  remove range of subordinate gids\n"
-msgstr ""
+msgstr "  -W, --del-subgids ПЕРВ-ПОСЛ   удалить диапазон подчинённых gid\n"
 
 msgid ""
 "  -Z, --selinux-user SEUSER     new SELinux user mapping for the user "
@@ -2483,15 +2483,15 @@ msgstr ""
 msgid "%s: user '%s' already exists in %s\n"
 msgstr "%s: пользователь «%s» уже существует в %s\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: invalid date '%s'\n"
 msgid "%s: invalid subordinate uid range '%s'\n"
-msgstr "%s: неверная дата «%s»\n"
+msgstr "%s: некорректный диапазон подчинённых uid «%s»\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: invalid date '%s'\n"
 msgid "%s: invalid subordinate gid range '%s'\n"
-msgstr "%s: неверная дата «%s»\n"
+msgstr "%s: некорректный диапазон подчинённых gid «%s»\n"
 
 #, c-format
 msgid "%s: no options\n"
@@ -2510,10 +2510,10 @@ msgstr ""
 msgid "%s: UID '%lu' already exists\n"
 msgstr "%s: UID «%lu» уже существует\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: %s is not authorized to change the password of %s\n"
 msgid "%s: %s does not exist, you cannot use the flags %s or %s\n"
-msgstr "%s: у %s нет прав изменять пароль %s\n"
+msgstr "%s: %s не существует, нельзя указывать флаги %s или %s\n"
 
 #, c-format
 msgid "%s: directory %s exists\n"
@@ -2562,25 +2562,25 @@ msgstr "не удалось сменить владельца почтового
 msgid "failed to rename mailbox"
 msgstr "не удалось переименовать почтовый ящик"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: failed to prepare the new %s entry '%s'\n"
 msgid "%s: failed to remove uid range %lu-%lu from '%s'\n"
-msgstr "%s: не удалось подготовить новую %s запись «%s»\n"
+msgstr "%s: не удалось удалить диапазон uid %lu-%lu из «%s»\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: failed to prepare the new %s entry '%s'\n"
 msgid "%s: failed to add uid range %lu-%lu from '%s'\n"
-msgstr "%s: не удалось подготовить новую %s запись «%s»\n"
+msgstr "%s: не удалось добавить диапазон uid %lu-%lu в «%s»\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: failed to prepare the new %s entry '%s'\n"
 msgid "%s: failed to remove gid range %lu-%lu from '%s'\n"
-msgstr "%s: не удалось подготовить новую %s запись «%s»\n"
+msgstr "%s: не удалось удалить диапазон gid %lu-%lu из «%s»\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: failed to prepare the new %s entry '%s'\n"
 msgid "%s: failed to add gid range %lu-%lu from '%s'\n"
-msgstr "%s: не удалось подготовить новую %s запись «%s»\n"
+msgstr "%s: не удалось добавить диапазон gid %lu-%lu в «%s»\n"
 
 #, c-format
 msgid ""
@@ -2638,19 +2638,19 @@ msgstr "Не удалось заблокировать файл"
 msgid "Couldn't make backup"
 msgstr "Не удалось создать резервную копию"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: PAM: %s\n"
 msgid "%s: %s: %s\n"
-msgstr "%s: PAM: %s\n"
+msgstr "%s: %s: %s\n"
 
-#, fuzzy, c-format
+#, c-format
 #| msgid "%s: nscd exited with status %d\n"
 msgid "%s: %s returned with status %d\n"
-msgstr "%s: nscd завершился с кодом выхода %d\n"
+msgstr "%s: %s завершился с кодом выхода %d\n"
 
 #, c-format
 msgid "%s: %s killed by signal %d\n"
-msgstr ""
+msgstr "%s: %s убит по сигналу %d\n"
 
 msgid "failed to open scratch file"
 msgstr "не удалось открыть черновой файл"

po/zh_TW.po

@@ -18,7 +18,6 @@ msgstr ""
 "Plural-Forms: nplurals=1; plural=0;\n"
 "X-Poedit-Language: Chinese\n"
 "X-Poedit-Country: TAIWAN\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
 
 #, c-format
 msgid ""

src/Makefile.am

@@ -7,9 +7,10 @@ usbindir = ${prefix}/sbin
 suidperms = 4755
 sgidperms = 2755
 
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I${top_srcdir}/lib \
-	-I$(top_srcdir)/libmisc
+	-I$(top_srcdir)/libmisc \
+	-DLOCALEDIR=\"$(datadir)/locale\"
 
 # XXX why are login and su in /bin anyway (other than for
 # historical reasons)?
@@ -54,10 +55,10 @@ noinst_PROGRAMS = id sulogin
 suidbins       = su
 suidubins      = chage chfn chsh expiry gpasswd newgrp passwd
 if ACCT_TOOLS_SETUID
-	suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
+suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
 endif
 if ENABLE_SUBIDS
-	suidubins += newgidmap newuidmap
+suidubins += newgidmap newuidmap
 endif
 
 if WITH_TCB
@@ -69,7 +70,6 @@ LDADD          = $(INTLLIBS) \
 		 $(LIBTCB) \
 		 $(top_builddir)/libmisc/libmisc.a \
 		 $(top_builddir)/lib/libshadow.la
-AM_CPPFLAGS    = -DLOCALEDIR=\"$(datadir)/locale\"
 
 if ACCT_TOOLS_SETUID
 LIBPAM_SUID  = $(LIBPAM)
@@ -113,7 +113,7 @@ pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
 su_SOURCES     = \
 	su.c \
 	suauth.c
-su_LDADD       = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
 sulogin_LDADD  = $(LDADD) $(LIBCRYPT)
 useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
 userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
@@ -125,14 +125,14 @@ install-am: all-am
 	ln -sf newgrp	$(DESTDIR)$(ubindir)/sg
 	ln -sf vipw	$(DESTDIR)$(usbindir)/vigr
 	for i in $(suidbins); do \
-		chmod -f $(suidperms) $(DESTDIR)$(bindir)/$$i; \
+		chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
 	done
 	for i in $(suidubins); do \
-		chmod -f $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
+		chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
 	done
 if WITH_TCB
 	for i in $(shadowsgidubins); do \
 		chown root:shadow $(DESTDIR)$(ubindir)/$$i; \
-		chmod -f $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
+		chmod $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
 	done
 endif

src/chpasswd.c

@@ -552,7 +552,7 @@ int main (int argc, char **argv)
 		if (NULL != sp) {
 			newsp = *sp;
 			newsp.sp_pwdp = cp;
-			newsp.sp_lstchg = (long) time ((time_t *)NULL) / SCALE;
+			newsp.sp_lstchg = (long) gettime () / SCALE;
 			if (0 == newsp.sp_lstchg) {
 				/* Better disable aging than requiring a
 				 * password change */

src/newusers.c

@@ -496,7 +496,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
 			}
 			spent.sp_pwdp = cp;
 		}
-		spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+		spent.sp_lstchg = (long) gettime () / SCALE;
 		if (0 == spent.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
@@ -553,7 +553,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
 	 */
 	spent.sp_pwdp = "!";
 #endif
-	spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+	spent.sp_lstchg = (long) gettime () / SCALE;
 	if (0 == spent.sp_lstchg) {
 		/* Better disable aging than requiring a password change */
 		spent.sp_lstchg = -1;
@@ -988,8 +988,8 @@ int main (int argc, char **argv)
 	is_shadow_grp = sgr_file_present ();
 #endif
 #ifdef ENABLE_SUBIDS
-	is_sub_uid = sub_uid_file_present ();
-	is_sub_gid = sub_gid_file_present ();
+	is_sub_uid = sub_uid_file_present () && !rflg;
+	is_sub_gid = sub_gid_file_present () && !rflg;
 #endif				/* ENABLE_SUBIDS */
 
 	open_files ();

src/passwd.c

@@ -668,7 +668,7 @@ static void update_shadow (void)
 	}
 #ifndef USE_PAM
 	if (do_update_age) {
-		nsp->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+		nsp->sp_lstchg = (long) gettime () / SCALE;
 		if (0 == nsp->sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */

src/su.c

@@ -219,6 +219,22 @@ static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root)
 	}
 	closelog ();
 #endif
+
+#ifdef WITH_AUDIT
+	audit_fd = audit_open ();
+	audit_log_acct_message (audit_fd,
+				AUDIT_USER_ROLE_CHANGE,
+				NULL,    /* Prog. name */
+				"su",
+				('\0' != caller_name[0]) ? caller_name : "???",
+				AUDIT_NO_ID,
+				"localhost",
+				NULL,    /* addr */
+				tty,
+				0);      /* result */
+	close (audit_fd);
+#endif				/* WITH_AUDIT */
+
 	exit (1);
 }
 
@@ -363,23 +379,38 @@ static void prepare_pam_close_session (void)
 				/* wake child when resumed */
 				kill (pid, SIGCONT);
 				stop = false;
+			} else if (   (pid_t)-1 != pid) {
+				pid_child = 0;
 			}
 		} while (!stop);
 	}
 
-	if (0 != caught) {
+	if (0 != caught && 0 != pid_child) {
 		(void) fputs ("\n", stderr);
 		(void) fputs (_("Session terminated, terminating shell..."),
 		              stderr);
 		(void) kill (-pid_child, caught);
 
-		snprintf (kill_msg, 256, _(" ...killed.\n"));
-		snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
+		snprintf (kill_msg, sizeof kill_msg, _(" ...killed.\n"));
+		snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
 
 		(void) signal (SIGALRM, kill_child);
+		(void) signal (SIGCHLD, catch_signals);
 		(void) alarm (2);
 
-		(void) wait (&status);
+		sigemptyset (&ourset);
+		if ((sigaddset (&ourset, SIGALRM) != 0)
+		    || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
+			fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
+			kill_child (0);
+		} else {
+			while (0 == waitpid (pid_child, &status, WNOHANG)) {
+				sigsuspend (&ourset);
+			}
+			pid_child = 0;
+			(void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
+		}
+
 		(void) fputs (_(" ...terminated.\n"), stderr);
 	}
 
@@ -1076,6 +1107,21 @@ int main (int argc, char **argv)
 	}
 #endif				/* !USE_PAM */
 
+#ifdef WITH_AUDIT
+	audit_fd = audit_open ();
+	audit_log_acct_message (audit_fd,
+				AUDIT_USER_ROLE_CHANGE,
+				NULL,    /* Prog. name */
+				"su",
+				('\0' != caller_name[0]) ? caller_name : "???",
+				AUDIT_NO_ID,
+				"localhost",
+				NULL,    /* addr */
+				caller_tty,
+				1);      /* result */
+	close (audit_fd);
+#endif				/* WITH_AUDIT */
+
 	set_environment (pw);
 
 	if (!doshell) {

src/useradd.c

@@ -51,7 +51,9 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/wait.h>
 #include <time.h>
+#include <unistd.h>
 #include "chkname.h"
 #include "defines.h"
 #include "faillog.h"
@@ -213,6 +215,7 @@ static void open_files (void);
 static void open_shadow (void);
 static void faillog_reset (uid_t);
 static void lastlog_reset (uid_t);
+static void tallylog_reset (char *);
 static void usr_update (void);
 static void create_home (void);
 static void create_mail (void);
@@ -825,7 +828,7 @@ static void new_spent (struct spwd *spent)
 	memzero (spent, sizeof *spent);
 	spent->sp_namp = (char *) user_name;
 	spent->sp_pwdp = (char *) user_pass;
-	spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+	spent->sp_lstchg = (long) gettime () / SCALE;
 	if (0 == spent->sp_lstchg) {
 		/* Better disable aging than requiring a password change */
 		spent->sp_lstchg = -1;
@@ -1789,6 +1792,52 @@ static void lastlog_reset (uid_t uid)
 	}
 }
 
+static void tallylog_reset (char *user_name)
+{
+	const char pam_tally2[] = "/sbin/pam_tally2";
+	const char *pname;
+	pid_t childpid;
+	int failed;
+	int status;
+
+	if (access(pam_tally2, X_OK) == -1)
+		return;
+
+	failed = 0;
+	switch (childpid = fork())
+	{
+	case -1: /* error */
+		failed = 1;
+		break;
+	case 0: /* child */
+		pname = strrchr(pam_tally2, '/');
+		if (pname == NULL)
+			pname = pam_tally2;
+		else
+			pname++;        /* Skip the '/' */
+		execl(pam_tally2, pname, "--user", user_name, "--reset", "--quiet", NULL);
+		/* If we come here, something has gone terribly wrong */
+		perror(pam_tally2);
+		exit(42);       /* don't continue, we now have 2 processes running! */
+		/* NOTREACHED */
+		break;
+	default: /* parent */
+		if (waitpid(childpid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
+			failed = 1;
+		break;
+	}
+
+	if (failed)
+	{
+		fprintf (stderr,
+		         _("%s: failed to reset the tallylog entry of user \"%s\"\n"),
+		         Prog, user_name);
+		SYSLOG ((LOG_WARN, "failed to reset the tallylog entry of user \"%s\"", user_name));
+	}
+
+	return;
+}
+
 /*
  * usr_update - create the user entries
  *
@@ -1896,6 +1945,9 @@ static void create_home (void)
 	if (access (user_home, F_OK) != 0) {
 #ifdef WITH_SELINUX
 		if (set_selinux_file_context (user_home) != 0) {
+			fprintf (stderr,
+			         _("%s: cannot set SELinux context for home directory %s\n"),
+			         Prog, user_home);
 			fail_exit (E_HOMEDIR);
 		}
 #endif
@@ -1925,6 +1977,9 @@ static void create_home (void)
 #ifdef WITH_SELINUX
 		/* Reset SELinux to create files with default contexts */
 		if (reset_selinux_file_context () != 0) {
+			fprintf (stderr,
+			         _("%s: cannot reset SELinux file creation context\n"),
+			         Prog);
 			fail_exit (E_HOMEDIR);
 		}
 #endif
@@ -1994,8 +2049,8 @@ int main (int argc, char **argv)
 #endif				/* ACCT_TOOLS_SETUID */
 
 #ifdef ENABLE_SUBIDS
-	uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
-	uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+	uid_t uid_min;
+	uid_t uid_max;
 #endif
 
 	/*
@@ -2027,17 +2082,19 @@ int main (int argc, char **argv)
 	is_shadow_grp = sgr_file_present ();
 #endif
 
+	get_defaults ();
+
 	process_flags (argc, argv);
 
 #ifdef ENABLE_SUBIDS
+	uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+	uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
 	is_sub_uid = sub_uid_file_present () && !rflg &&
 	    (!user_id || (user_id <= uid_max && user_id >= uid_min));
 	is_sub_gid = sub_gid_file_present () && !rflg &&
 	    (!user_id || (user_id <= uid_max && user_id >= uid_min));
 #endif				/* ENABLE_SUBIDS */
 
-	get_defaults ();
-
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	{
@@ -2225,6 +2282,15 @@ int main (int argc, char **argv)
 
 	close_files ();
 
+	/*
+	 * tallylog_reset needs to be able to lookup
+	 * a valid existing user name,
+	 * so we canot call it before close_files()
+	 */
+	if (!lflg && getpwuid (user_id) != NULL) {
+		tallylog_reset (user_name);
+	}
+
 #ifdef WITH_SELINUX
 	if (Zflg) {
 		if (set_seuser (user_name, user_selinux) != 0) {

src/usermod.c

@@ -641,7 +641,7 @@ static void new_spent (struct spwd *spent)
 	spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
 
 	if (pflg) {
-		spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+		spent->sp_lstchg = (long) gettime () / SCALE;
 		if (0 == spent->sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change. */
@@ -1673,7 +1673,7 @@ static void usr_update (void)
 			spent.sp_pwdp   = xstrdup (pwent.pw_passwd);
 			pwent.pw_passwd = xstrdup (SHADOW_PASSWD_STRING);
 
-			spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+			spent.sp_lstchg = (long) gettime () / SCALE;
 			if (0 == spent.sp_lstchg) {
 				/* Better disable aging than
 				 * requiring a password change */
@@ -1756,6 +1756,14 @@ static void move_home (void)
 			fail_exit (E_HOMEDIR);
 		}
 
+#ifdef WITH_AUDIT
+		if (uflg || gflg) {
+			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+				      "changing home directory owner",
+				      user_newname, (unsigned int) user_newid, 1);
+		}
+#endif
+
 		if (rename (user_home, user_newhome) == 0) {
 			/* FIXME: rename above may have broken symlinks
 			 *        pointing to the user's home directory
@@ -2148,7 +2156,7 @@ int main (int argc, char **argv)
 			unsigned long count = ptr->range.last - ptr->range.first + 1;
 			if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
 				fprintf (stderr,
-					_("%s: failed to add uid range %lu-%lu from '%s'\n"),
+					_("%s: failed to add uid range %lu-%lu to '%s'\n"),
 					Prog, ptr->range.first, ptr->range.last, 
 					sub_uid_dbname ());
 				fail_exit (E_SUB_UID_UPDATE);
@@ -2174,7 +2182,7 @@ int main (int argc, char **argv)
 			unsigned long count = ptr->range.last - ptr->range.first + 1;
 			if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
 				fprintf (stderr,
-					_("%s: failed to add gid range %lu-%lu from '%s'\n"),
+					_("%s: failed to add gid range %lu-%lu to '%s'\n"),
 					Prog, ptr->range.first, ptr->range.last, 
 					sub_gid_dbname ());
 				fail_exit (E_SUB_GID_UPDATE);
@@ -2252,6 +2260,13 @@ int main (int argc, char **argv)
 			 * ownership.
 			 *
 			 */
+#ifdef WITH_AUDIT
+			if (uflg || gflg) {
+				audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+					      "changing home directory owner",
+					      user_newname, (unsigned int) user_newid, 1);
+			}
+#endif
 			if (chown_tree (dflg ? user_newhome : user_home,
 			                user_id,
 			                uflg ? user_newid  : (uid_t)-1,

tests/chroot/chage/01_chage--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/chgpasswd/01_chgpasswd--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/chpasswd/01_chpasswd--root_nopam/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/chpasswd/02_chpasswd--root_pam/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/chsh/01_chsh--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/gpasswd/01_gpasswd--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/groupadd/01_groupadd--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/groupdel/01_groupdel--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/groupmod/01_groupmod--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/grpck/01_grpck--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/grpconv/01_grpconv--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/grpunconv/01_grpunconv--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/lastlog/01_lastlog--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/pwck/01_pwck--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/pwconv/01_pwconv--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/pwunconv/01_pwunconv--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/useradd/01_useradd--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/useradd/02_useradd--root_login.defs/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/useradd/03_useradd--root_useradd.default/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/useradd/04_useradd--root_useradd-D/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/useradd/05_useradd--root_useradd-D-e-g/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/userdel/01_userdel--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/chroot/usermod/01_usermod--root/config_chroot/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/grouptools/gpasswd/19_gpasswd_change_passwd-root/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/grouptools/gpasswd/20_gpasswd_change_passwd-root-no_shadow_group/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/grouptools/gpasswd/21_gpasswd_change_passwd-root-no_gshadow_file/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/grouptools/gpasswd/22_gpasswd_change_passwd-myuser/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/grouptools/gpasswd/69_gpasswd_change_passwd_2_tries/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/grouptools/gpasswd/70_gpasswd_change_passwd_3_tries/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/grouptools/gpasswd/71_gpasswd_change_passwd_4_tries/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/subids/12_useradd_invalid_subuid_configuration1/config/etc/login.defs

@@ -217,7 +217,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/subids/13_useradd_invalid_subuid_configuration2/config/etc/login.defs

@@ -217,7 +217,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/subids/14_useradd_invalid_subuid_configuration3/config/etc/login.defs

@@ -217,7 +217,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/subids/15_useradd_invalid_subgid_configuration1/config/etc/login.defs

@@ -217,7 +217,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/subids/16_useradd_invalid_subgid_configuration2/config/etc/login.defs

@@ -217,7 +217,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/subids/17_useradd_invalid_subgid_configuration3/config/etc/login.defs

@@ -217,7 +217,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/subids/18_useradd_min=max/config/etc/login.defs

@@ -217,7 +217,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/usertools/userdel/05_userdel_no_USERGROUPS_ENAB/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/usertools/userdel/06_userdel_no_usergroup/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/usertools/userdel/07_userdel_usergroup_not_primary/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/usertools/userdel/08_userdel_usergroup_with_other_members/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/usertools/userdel/09_userdel_usergroup_no_other_members_in_gshadow/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/usertools/usermod/47_usermod-u_default_maildir/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #

tests/usertools/usermod/48_usermod-u_MAIL_FILE/config/etc/login.defs

@@ -209,7 +209,7 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# If set to yes, userdel will remove the user´s group if it contains no
+# If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #