-@@ -115,10 +115,13 @@
- sflg = 0, /* shell program for new account */
- cflg = 0, /* comment (GECOS) field for new account */
- mflg = 0, /* create user's home directory if it doesn't exist */
-+ nflg = 0, /* no group for this user */
- kflg = 0, /* specify a directory to fill new user directory */
-+ Mflg = 0, /* don't crate user's home directory */
- fflg = 0, /* days until account with expired password is locked */
- eflg = 0, /* days since 1970-01-01 when account is locked */
-- Dflg = 0; /* set/show new user default values */
-+ Dflg = 0, /* set/show new user default values */
-+ rflg = 0; /* system account */
-
- #ifdef AUTH_METHODS
- static int Aflg = 0; /* specify authentication method for user */
-@@ -171,6 +174,7 @@
- * exit status values
- */
- #define E_SUCCESS 0 /* success */
-+#define E_LOCKING 1 /* locking error */
- #define E_PW_UPDATE 1 /* can't update password file */
- #define E_USAGE 2 /* bad command syntax */
- #define E_BAD_ARG 3 /* invalid argument to option */
-@@ -711,7 +715,7 @@
- #ifdef AUTH_METHODS
- fprintf(stderr, _("[-A program] "));
- #endif
-- fprintf(stderr, _("[-p passwd] name\n"));
-+ fprintf(stderr, _("[-p passwd] [-n] [-r] name\n"));
-
- fprintf(stderr, _(" %s\t-D [-g group] [-b base] [-s shell]\n"),
- Prog);
-@@ -968,10 +972,13 @@
- {
- const struct passwd *pwd;
- uid_t uid_min, uid_max;
--
-- uid_min = getdef_num("UID_MIN", 100);
-+ if (!rflg) {
-+ uid_min = getdef_num("UID_MIN", 500);
- uid_max = getdef_num("UID_MAX", 60000);
--
-+ } else {
-+ uid_min = 1;
-+ uid_max = 949;
-+ }
- /*
- * Start with some UID value if the user didn't provide us with
- * one already.
-@@ -1126,9 +1133,9 @@
- char *cp;
-
- #ifdef SHADOWPWD
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:Mnr"
- #else
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:Mnr"
- #endif
- while ((arg = getopt(argc, argv, FLAGS)) != EOF) {
- #undef FLAGS
-@@ -1261,6 +1268,12 @@
- case 'o':
- oflg++;
- break;
-+ case 'n':
-+ nflg++;
-+ break;
-+ case 'r':
-+ rflg++;
-+ break;
- case 'O':
- /*
- * override login.defs defaults (-O name=value)
-@@ -1312,9 +1325,10 @@
- * Certain options are only valid in combination with others.
- * Check it here so that they can be specified in any order.
- */
-- if ((oflg && !uflg) || (kflg && !mflg))
-+ if (kflg && !mflg)
-+ usage();
-+ if (mflg && Mflg)
- usage();
--
- /*
- * Either -D or username is required. Defaults can be set with -D
- * for the -b, -e, -f, -g, -s options only.
+--- shadow-4.5/libmisc/find_new_gid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_gid.c 2017-05-17 23:13:32.785253060 +0300
+@@ -61,8 +61,8 @@
+ /* A requested ID is allowed to be below the autoselect range */
+ *preferred_min = (gid_t) 1;
+
+- /* Get the minimum ID range from login.defs or default to 101 */
+- *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
++ /* Get the minimum ID range from login.defs or default to 10 */
++ *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL);
+
+ /*
+ * If SYS_GID_MAX is unspecified, we should assume it to be one
+--- shadow-4.5/libmisc/find_new_uid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_uid.c 2017-05-17 23:10:38.366687971 +0300
+@@ -61,8 +61,8 @@
+ /* A requested ID is allowed to be below the autoselect range */
+ *preferred_min = (uid_t) 1;
+
+- /* Get the minimum ID range from login.defs or default to 101 */
+- *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
++ /* Get the minimum ID range from login.defs or default to 1 */
++ *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+
+ /*
+ * If SYS_UID_MAX is unspecified, we should assume it to be one