-diff -Nur shadow-4.0.3.orig/lib/getdef.c shadow-4.0.3/lib/getdef.c
---- shadow-4.0.3.orig/lib/getdef.c 2002-01-06 15:08:00.000000000 +0100
-+++ shadow-4.0.3/lib/getdef.c 2003-06-20 19:34:37.000000000 +0200
-@@ -113,6 +113,10 @@
- { "SYSLOG_SG_ENAB", NULL },
- { "SYSLOG_SU_ENAB", NULL },
- #endif
-+ { "SYS_GID_MAX", NULL },
-+ { "SYS_GID_MIN", NULL },
-+ { "SYS_UID_MAX", NULL },
-+ { "SYS_UID_MIN", NULL },
- { "TTYGROUP", NULL },
- { "TTYPERM", NULL },
- { "TTYTYPE_FILE", NULL },
-diff -Nur shadow-4.0.3.orig/man/groupadd.8 shadow-4.0.3/man/groupadd.8
---- shadow-4.0.3.orig/man/groupadd.8 2003-06-20 19:06:15.000000000 +0200
-+++ shadow-4.0.3/man/groupadd.8 2003-06-20 19:29:11.000000000 +0200
-@@ -29,7 +29,7 @@
- .SH NAME
- groupadd \- Create a new group
- .SH SYNOPSIS
--\fBgroupadd\fR [\fB-g\fI gid \fR[\fB-o\fR]] [\fB-f\fR] \fIgroup\fR
-+\fBgroupadd\fR [\fB-g\fI gid \fR[\fB-o\fR]] [\fB-f\fR] [\fB-r\fR] \fIgroup\fR
- .SH DESCRIPTION
- The \fBgroupadd\fR command
- creates a new group account using the values specified on the
-@@ -47,6 +47,9 @@
- This option causes to just exit with success status if the specified
- group already exists. With \fB-g\fR, if specified gid already exists,
- other (unique) gid is chosen (i.e. \fB-g\fR is turned off).
-+.IP "\fB-r\fR"
-+This flag is used to create a system group, with gid lower than usual
-+(chosen between SYS_GID_MIN and SYS_GID_MAX).
- .SH FILES
- /etc/group \- group account information
- .br
-diff -Nur shadow-4.0.3.orig/man/pl/groupadd.8 shadow-4.0.3/man/pl/groupadd.8
---- shadow-4.0.3.orig/man/pl/groupadd.8 2003-06-20 19:06:15.000000000 +0200
-+++ shadow-4.0.3/man/pl/groupadd.8 2003-06-20 19:40:17.000000000 +0200
-@@ -30,7 +30,7 @@
- .SH NAZWA
- groupadd - twórz now± grupê
- .SH SK£ADNIA
--\fBgroupadd\fR [\fB-g\fR \fIgid\fR [\fB-o\fR]] [\fB-f\fR] \fIgrupa\fR
-+\fBgroupadd\fR [\fB-g\fR \fIgid\fR [\fB-o\fR]] [\fB-f\fR] [\fB-r\fR] \fIgrupa\fR
- .SH OPIS
- Polecenie \fBgroupadd\fR tworzy nowe konto grupy pos³uguj±c siê
- warto¶ciami podanymi w wierszu poleceñ i domy¶lnymi warto¶ciami z systemu.
-@@ -48,6 +48,10 @@
- Ta opcja powoduje zakoñczenie programu ze statusem oznaczaj±cym sukces je¶li
- podana groupa ju¿ istnieje. Z opcj± \fB-g\fR, je¶li podany gid ju¿ istnieje,
- wybierany jest inny (unikalny) gid (czyli \fB-g\fR jest wy³±czane).
-+.TP
-+.BI -r
-+Ta opcja s³u¿y do zak³adania grup systemowych, z identyfikatorami ni¿szymi
-+ni¿ zwykle (wybieranymi z przedzia³u od SYS_GID_MIN do SYS_GID_MAX).
- .SH PLIKI
- .IR /etc/group " - informacja o kontach grup"
- .br
-diff -Nur shadow-4.0.3.orig/man/pl/useradd.8 shadow-4.0.3/man/pl/useradd.8
---- shadow-4.0.3.orig/man/pl/useradd.8 2003-06-20 19:06:15.000000000 +0200
-+++ shadow-4.0.3/man/pl/useradd.8 2003-06-20 19:41:22.000000000 +0200
-@@ -106,12 +106,9 @@
- .IP "\fB-p \fIpasswd\fR"
- Zakodowane has³o w postaci zwracanej przez \fBcrypt\fR(3).
- Domy¶lnym dzia³aniem jest blokowanie konta.
--.\" .IP \fB-r\fR
--.\" Tworzenie konta systemowego. Ta opcja pozwala na utworzenie konta o UID
--.\" ni¿szym ni¿ UID_MIN zdefiniowane w fI/etc/login.defs\fR. O ile nie poda siê
--.\" dodatkowo opcji \fB-m\fR nie jest tworzony katalog domowy dla tak tworzonego
--.\" u¿ytkownika niezale¿nie od tego czy tworzenie katalogu jest ustawione czy
--.\" nie w \fI/etc/login.defs\fR.
-+.IP \fB-r\fR
-+Tworzenie konta systemowego, z identyfikatorem ni¿szym ni¿ zwykle
-+(wybieranym z przedzia³u od SYS_UID_MIN do SYS_UID_MAX).
- .IP "\fB-s \fIpow³oka\fR"
- Nazwa pow³oki (shell) u¿ytkownika. Ustawienie tego pola na puste
- powoduje, ¿e system wybierze domy¶ln± pow³okê logowania.
-diff -Nur shadow-4.0.3.orig/man/useradd.8 shadow-4.0.3/man/useradd.8
---- shadow-4.0.3.orig/man/useradd.8 2002-03-08 05:39:12.000000000 +0100
-+++ shadow-4.0.3/man/useradd.8 2003-06-20 19:32:04.000000000 +0200
-@@ -38,7 +38,7 @@
- .br
- [\fB-m\fR [\fB-k\fR \fIskeleton_dir\fR]] [\fB-o\fR] [\fB-p\fR \fIpasswd\fR]
- .br
--[\fB-s\fR \fIshell\fR] [\fB-u\fR \fIuid\fR] \fIlogin\fR
-+[\fB-r\fR] [\fB-s\fR \fIshell\fR] [\fB-u\fR \fIuid\fR] \fIlogin\fR
- .TP 8
- \fBuseradd\fR \fB-D\fR [\fB-g\fI default_group\fR] [\fB-b\fI default_home\fR]
- .br
-@@ -100,6 +100,9 @@
- .IP "\fB-p \fIpasswd\fR"
- The encrypted password, as returned by \fBcrypt\fR(3).
- The default is to disable the account.
-+.IP "\fB-r\fR"
-+This flag is used to create a system account, with uid lower than
-+usual (chosen between SYS_UID_MIN and SYS_UID_MAX).
- .IP "\fB-s \fIshell\fR"
- The name of the user's login shell.
- The default is to leave this field blank, which causes the system
-diff -Nur shadow-4.0.3.orig/po/cs.po shadow-4.0.3/po/cs.po
---- shadow-4.0.3.orig/po/cs.po 2003-06-20 19:06:15.000000000 +0200
-+++ shadow-4.0.3/po/cs.po 2003-06-20 19:23:08.000000000 +0200
-@@ -865,8 +865,8 @@
- msgstr "%s: nelze aktualizovat soubory s DBM databázemi stínových hesel\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "Pou¾ití: groupadd [-g gid [-o]] [-f] skupina\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "Pou¾ití: groupadd [-g gid [-o]] [-f] [-r] skupina\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -1982,8 +1982,8 @@
- msgstr "[-A program] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p heslo] jméno\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p heslo] [-r] jméno\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/po/de.po shadow-4.0.3/po/de.po
---- shadow-4.0.3.orig/po/de.po 2003-06-20 19:06:15.000000000 +0200
-+++ shadow-4.0.3/po/de.po 2003-06-20 19:23:24.000000000 +0200
-@@ -867,8 +867,8 @@
- msgstr "%s : DBM-Shadow-Dateien können nicht aktualisiert werden\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "Syntax: groupadd [-g gid [-o]] [-f] Gruppe\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "Syntax: groupadd [-g gid [-o]] [-f] [-r] Gruppe\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -1988,8 +1988,8 @@
- msgstr "[-A Programm] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p Kennwort] Name\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p Kennwort] [-r] Name\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/po/el.po shadow-4.0.3/po/el.po
---- shadow-4.0.3.orig/po/el.po 2003-06-20 19:06:16.000000000 +0200
-+++ shadow-4.0.3/po/el.po 2003-06-20 19:23:39.000000000 +0200
-@@ -872,8 +872,8 @@
- msgstr "%s: áäõíáìßá áíáíÝùóçò ôùí DBM áñ÷åßùí óêéùäþí óõíèçìáôéêþí\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "÷ñÞóç: groupadd [-g gid [-o]] [-f] ïìÜäá\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "÷ñÞóç: groupadd [-g gid [-o]] [-f] [-r] ïìÜäá\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -2009,8 +2009,8 @@
- msgstr "[-A ðñüãñáììá] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p óõíèçìáôéêü] üíïìá\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p óõíèçìáôéêü] [-r] üíïìá\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/po/fr.po shadow-4.0.3/po/fr.po
---- shadow-4.0.3.orig/po/fr.po 2003-06-20 19:06:16.000000000 +0200
-+++ shadow-4.0.3/po/fr.po 2003-06-20 19:23:52.000000000 +0200
-@@ -869,8 +869,8 @@
- msgstr "%s : impossible de mettre à jours les fichiers DBM shadow\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "usage: groupadd [-g gid [-o]] [-f] groupe\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "usage: groupadd [-g gid [-o]] [-f] [-r] groupe\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -1988,8 +1988,8 @@
- msgstr "[-A program] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p mot-de-passe] nom\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p mot-de-passe] [-r] nom\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/po/ja.po shadow-4.0.3/po/ja.po
---- shadow-4.0.3.orig/po/ja.po 2003-06-20 19:06:16.000000000 +0200
-+++ shadow-4.0.3/po/ja.po 2003-06-20 19:24:06.000000000 +0200
-@@ -867,8 +867,8 @@
- msgstr "%s: DBM ¥·¥ã¥É¥¦¡¦¥Õ¥¡¥¤¥ë¤ò¹¹¿·¤Ç¤¤Þ¤»¤ó\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "»ÈÍÑË¡: groupadd [-g ¥°¥ë¡¼¥×ID [-o]] [-f] ¥°¥ë¡¼¥×\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "»ÈÍÑË¡: groupadd [-g ¥°¥ë¡¼¥×ID [-o]] [-f] [-r] ¥°¥ë¡¼¥×\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -1979,8 +1979,8 @@
- msgstr "[-A ¥×¥í¥°¥é¥à] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p ¥Ñ¥¹¥ï¡¼¥É] ¥æ¡¼¥¶Ì¾\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p ¥Ñ¥¹¥ï¡¼¥É] [-r] ¥æ¡¼¥¶Ì¾\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/po/ko.po shadow-4.0.3/po/ko.po
---- shadow-4.0.3.orig/po/ko.po 2003-06-20 19:06:16.000000000 +0200
-+++ shadow-4.0.3/po/ko.po 2003-06-20 19:25:14.000000000 +0200
-@@ -862,8 +862,8 @@
- msgstr "%s: DBM ½¦µµ¿ì ÆÄÀÏÀ» ¾÷µ¥ÀÌÆ® ÇÒ ¼ö ¾ø½À´Ï´Ù\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "»ç¿ë¹ý: groupadd [-g gid(±×·ì ¾ÆÀ̵ð) [-o]] [-f] ±×·ì¸í\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "»ç¿ë¹ý: groupadd [-g gid(±×·ì ¾ÆÀ̵ð) [-o]] [-f] [-r] ±×·ì¸í\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -1978,8 +1978,8 @@
- msgstr "[-A ÇÁ·Î±×·¥] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p Æнº¿öµå] À̸§\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p Æнº¿öµå] [-r] À̸§\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/po/pl.po shadow-4.0.3/po/pl.po
---- shadow-4.0.3.orig/po/pl.po 2003-06-20 19:06:16.000000000 +0200
-+++ shadow-4.0.3/po/pl.po 2003-06-20 19:25:27.000000000 +0200
-@@ -865,8 +865,8 @@
- msgstr "%s: nie mogê zaktualizowaæ pliku DBM z ukrytymi has³ami\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "u¿ycie: groupadd [-g gid [-o]] [-f] grupa\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "u¿ycie: groupadd [-g gid [-o]] [-f] [-r] grupa\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -1979,8 +1979,8 @@
- msgstr "[-A program] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p has³o] nazwa\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p has³o] [-r] nazwa\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/po/sv.po shadow-4.0.3/po/sv.po
---- shadow-4.0.3.orig/po/sv.po 2003-06-20 19:06:16.000000000 +0200
-+++ shadow-4.0.3/po/sv.po 2003-06-20 19:26:10.000000000 +0200
-@@ -864,8 +864,8 @@
- msgstr "%s: kan inte uppdatera DBM-skuggfiler\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "Användning: groupadd [-g gid [-o]] [-f] grupp\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "Användning: groupadd [-g gid [-o]] [-f] [-r] grupp\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -1977,8 +1977,8 @@
- msgstr "[-A program] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p passwd] namn\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p passwd] [-r] namn\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/po/uk.po shadow-4.0.3/po/uk.po
---- shadow-4.0.3.orig/po/uk.po 2003-06-20 19:06:16.000000000 +0200
-+++ shadow-4.0.3/po/uk.po 2003-06-20 19:26:33.000000000 +0200
-@@ -868,8 +868,8 @@
- msgstr "%s: ÎÅ ÍÏÖÕ ÏÎÏ×ÉÔÉ DBM ÆÁÊÌ Ú ÐÒÉÈÏ×ÁÎÉÍÉ ÐÁÒÏÌÑÍÉ\n"
-
- #: src/groupadd.c:101
--msgid "usage: groupadd [-g gid [-o]] [-f] group\n"
--msgstr "×ÉËÏÒÉÓÔÏ×ÕÊÔÅ: groupadd [-g gid [-o]] [-f] ÇÒÕÐÁ\n"
-+msgid "usage: groupadd [-g gid [-o]] [-f] [-r] group\n"
-+msgstr "×ÉËÏÒÉÓÔÏ×ÕÊÔÅ: groupadd [-g gid [-o]] [-f] [-r] ÇÒÕÐÁ\n"
-
- #: src/groupadd.c:167 src/groupadd.c:192 src/groupmod.c:179 src/groupmod.c:228
- #: src/useradd.c:970 src/usermod.c:552 src/usermod.c:695
-@@ -1984,8 +1984,8 @@
- msgstr "[-A ÐÒÏÇÒÁÍÁ] "
-
- #: src/useradd.c:750
--msgid "[-p passwd] name\n"
--msgstr "[-p ÐÁÒÏÌØ] ¦Í'Ñ\n"
-+msgid "[-p passwd] [-r] name\n"
-+msgstr "[-p ÐÁÒÏÌØ] [-r] ¦Í'Ñ\n"
-
- #: src/useradd.c:753
- #, c-format
-diff -Nur shadow-4.0.3.orig/src/groupadd.c shadow-4.0.3/src/groupadd.c
---- shadow-4.0.3.orig/src/groupadd.c 2003-06-20 19:06:16.000000000 +0200
-+++ shadow-4.0.3/src/groupadd.c 2003-06-20 19:21:43.000000000 +0200
-@@ -71,6 +71,7 @@
- static int oflg = 0; /* permit non-unique group ID to be specified with -g */
- static int gflg = 0; /* ID value for the new group */
- static int fflg = 0; /* if group already exists, do nothing and exit(0) */
-+static int rflg = 0; /* add system group (with lower gid) */
-
- #ifdef NDBM
- extern int gr_dbm_mode;
-@@ -98,7 +99,7 @@
-
- static void usage (void)
- {
-- fprintf (stderr, _("usage: groupadd [-g gid [-o]] [-f] group\n"));
-+ fprintf (stderr, _("usage: groupadd [-g gid [-o]] [-f] [-r] group\n"));
- exit (E_USAGE);
- }
-
-@@ -224,8 +225,13 @@
- const struct group *grp;
- gid_t gid_min, gid_max;
-
-- gid_min = getdef_unum ("GID_MIN", 100);
-- gid_max = getdef_unum ("GID_MAX", 60000);
-+ if (!rflg) {
-+ gid_min = getdef_unum ("GID_MIN", 500);
-+ gid_max = getdef_unum ("GID_MAX", 60000);
-+ } else {
-+ gid_min = getdef_unum ("SYS_GID_MIN", 10);
-+ gid_max = getdef_unum ("SYS_GID_MAX", 499);
-+ }
-
- /*
- * Start with some GID value if the user didn't provide us with
-@@ -333,7 +339,7 @@
- char *cp;
- int arg;
-
-- while ((arg = getopt (argc, argv, "og:O:f")) != EOF) {
-+ while ((arg = getopt (argc, argv, "og:O:fr")) != EOF) {
- switch (arg) {
- case 'g':
- gflg++;
-@@ -379,6 +385,12 @@
- */
- fflg++;
- break;
-+ case 'r':
-+ /*
-+ * create system group
-+ */
-+ rflg++;
-+ break;
- default:
- usage ();
- }
-diff -Nur shadow-4.0.3.orig/src/useradd.c shadow-4.0.3/src/useradd.c
---- shadow-4.0.3.orig/src/useradd.c 2002-01-10 14:01:28.000000000 +0100
-+++ shadow-4.0.3/src/useradd.c 2003-06-20 19:19:40.000000000 +0200
-@@ -71,10 +71,10 @@
- /*
- * These defaults are used if there is no defaults file.
+--- shadow-4.12.3/src/useradd.c~ 2022-08-22 18:27:55.000000000 +0300
++++ shadow-4.12.3/src/useradd.c 2022-08-22 18:27:58.336079332 +0300
+@@ -81,8 +81,8 @@
*/
--static gid_t def_group = 100;
-+static gid_t def_group = 1000;
+ static gid_t def_group = 1000;
static const char *def_gname = "other";
-static const char *def_home = "/home";
--static const char *def_shell = "";
+-static const char *def_shell = "/bin/bash";
+static const char *def_home = "/home/users";
-+static const char *def_shell = "/dev/null";
++static const char *def_shell = "/sbin/nologin";
static const char *def_template = SKEL_DIR;
-
- #ifdef SHADOWPWD
-@@ -87,7 +87,7 @@
+ static const char *def_create_mail_spool = "yes";
+ static const char *def_log_init = "yes";
+@@ -89,7 +89,7 @@
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
static const char *user_name = "";
static uid_t user_id;
static gid_t user_gid;
static const char *user_comment = "";
-@@ -120,6 +120,7 @@
- mflg = 0, /* create user's home directory if it doesn't exist */
- nflg = 0, /* create a group having the same name as the user */
- oflg = 0, /* permit non-unique user ID to be specified with -u */
-+ rflg = 0, /* create system account (with lower uid) */
- sflg = 0, /* shell program for new account */
- uflg = 0; /* specify user ID for new account */
-
-@@ -747,7 +748,7 @@
- #ifdef AUTH_METHODS
- fprintf (stderr, _("[-A program] "));
- #endif
-- fprintf (stderr, _("[-p passwd] name\n"));
-+ fprintf (stderr, _("[-p passwd] [-r] name\n"));
-
- fprintf (stderr,
- _(" %s\t-D [-g group] [-b base] [-s shell]\n"),
-@@ -1006,8 +1007,13 @@
- const struct passwd *pwd;
- uid_t uid_min, uid_max;
-
-- uid_min = getdef_unum ("UID_MIN", 100);
-- uid_max = getdef_unum ("UID_MAX", 60000);
-+ if (!rflg) {
-+ uid_min = getdef_unum ("UID_MIN", 500);
-+ uid_max = getdef_unum ("UID_MAX", 60000);
-+ } else {
-+ uid_min = getdef_unum ("SYS_UID_MIN", 1);
-+ uid_max = getdef_unum ("SYS_UID_MAX", 499);
-+ }
-
- /*
- * Start with some UID value if the user didn't provide us with
-@@ -1160,9 +1166,9 @@
- char *cp;
-
- #ifdef SHADOWPWD
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:Mr"
- #else
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:Mr"
- #endif
- while ((arg = getopt (argc, argv, FLAGS)) != EOF) {
- #undef FLAGS
-@@ -1328,6 +1334,9 @@
- }
- user_pass = optarg;
- break;
-+ case 'r': /* create system account */
-+ rflg++;
-+ break;
- case 's':
- if (!VALID (optarg) || (optarg[0] &&
- (optarg[0] != '/'
+--- shadow-4.5/libmisc/find_new_gid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_gid.c 2017-05-17 23:13:32.785253060 +0300
+@@ -61,8 +61,8 @@
+ /* A requested ID is allowed to be below the autoselect range */
+ *preferred_min = (gid_t) 1;
+
+- /* Get the minimum ID range from login.defs or default to 101 */
+- *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
++ /* Get the minimum ID range from login.defs or default to 10 */
++ *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL);
+
+ /*
+ * If SYS_GID_MAX is unspecified, we should assume it to be one
+--- shadow-4.5/libmisc/find_new_uid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_uid.c 2017-05-17 23:10:38.366687971 +0300
+@@ -61,8 +61,8 @@
+ /* A requested ID is allowed to be below the autoselect range */
+ *preferred_min = (uid_t) 1;
+
+- /* Get the minimum ID range from login.defs or default to 101 */
+- *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
++ /* Get the minimum ID range from login.defs or default to 1 */
++ *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+
+ /*
+ * If SYS_UID_MAX is unspecified, we should assume it to be one