-diff -Nur shadow-4.0.0.orig/src/groupadd.c shadow-4.0.0/src/groupadd.c
---- shadow-4.0.0.orig/src/groupadd.c Mon Oct 9 21:02:20 2000
-+++ shadow-4.0.0/src/groupadd.c Thu Oct 18 10:41:15 2001
-@@ -78,6 +78,8 @@
- static int oflg = 0; /* permit non-unique group ID to be specified with -g */
- static int gflg = 0; /* ID value for the new group */
- static int fflg = 0; /* if group already exists, do nothing and exit(0) */
-+static int rflg = 0; /* for adding system accounts */
-+#define MIN_GID 10
-
- #ifdef NDBM
- extern int gr_dbm_mode;
-@@ -108,7 +110,7 @@
- static void
- usage(void)
- {
-- fprintf(stderr, _("usage: groupadd [-g gid [-o]] group\n"));
-+ fprintf(stderr, _("usage: groupadd [-g gid [-o]] [-r] [-f] group\n"));
- exit(E_USAGE);
- }
-
-@@ -233,8 +235,13 @@
- const struct group *grp;
- gid_t gid_min, gid_max;
-
-- gid_min = getdef_num("GID_MIN", 100);
-+ if (!rflg) {
-+ gid_min = getdef_num("GID_MIN", 500);
- gid_max = getdef_num("GID_MAX", 60000);
-+ } else {
-+ gid_min = MIN_GID;
-+ gid_max = getdef_num("GID_MIN", 499);
-+ }
-
- /*
- * Start with some GID value if the user didn't provide us with
-@@ -344,7 +351,7 @@
- char *cp;
- int arg;
-
-- while ((arg = getopt(argc, argv, "og:O:f")) != EOF) {
-+ while ((arg = getopt(argc, argv, "og:O:fr")) != EOF) {
- switch (arg) {
- case 'g':
- gflg++;
-@@ -389,6 +396,12 @@
- */
- fflg++;
- break;
-+ case 'r':
-+ /*
-+ * create system group
-+ */
-+ rflg++;
-+ break;
- default:
- usage();
- }
-diff -Nur shadow-4.0.0.orig/src/useradd.c shadow-4.0.0/src/useradd.c
---- shadow-4.0.0.orig/src/useradd.c Fri Sep 7 17:12:54 2001
-+++ shadow-4.0.0/src/useradd.c Thu Oct 18 10:51:10 2001
-@@ -78,10 +78,10 @@
- /*
- * These defaults are used if there is no defaults file.
+--- shadow-4.12.3/src/useradd.c~ 2022-08-22 18:27:55.000000000 +0300
++++ shadow-4.12.3/src/useradd.c 2022-08-22 18:27:58.336079332 +0300
+@@ -81,8 +81,8 @@
*/
--static gid_t def_group = 100;
-+static gid_t def_group = 1000;
+ static gid_t def_group = 1000;
static const char *def_gname = "other";
-static const char *def_home = "/home";
--static const char *def_shell = "";
+-static const char *def_shell = "/bin/bash";
+static const char *def_home = "/home/users";
-+static const char *def_shell = "/dev/null";
++static const char *def_shell = "/sbin/nologin";
static const char *def_template = SKEL_DIR;
- #ifdef SHADOWPWD
- static long def_inactive = -1;
-@@ -93,7 +93,7 @@
+ static const char *def_create_mail_spool = "yes";
+ static const char *def_log_init = "yes";
+@@ -89,7 +89,7 @@
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
static const char *user_name = "";
static uid_t user_id;
static gid_t user_gid;
static const char *user_comment = "";
-@@ -122,10 +122,12 @@
- sflg = 0, /* shell program for new account */
- cflg = 0, /* comment (GECOS) field for new account */
- mflg = 0, /* create user's home directory if it doesn't exist */
-+ Mflg = 0, /* don't create user's home directory */
- kflg = 0, /* specify a directory to fill new user directory */
- fflg = 0, /* days until account with expired password is locked */
- eflg = 0, /* days since 1970-01-01 when account is locked */
- Dflg = 0, /* set/show new user default values */
-+ rflg = 0, /* system account */
- nflg = 0; /* create a group having the same name as the user */
-
- #ifdef AUTH_METHODS
-@@ -179,6 +181,7 @@
- * exit status values
- */
- #define E_SUCCESS 0 /* success */
-+#define E_LOCKING 1 /* locking error */
- #define E_PW_UPDATE 1 /* can't update password file */
- #define E_USAGE 2 /* bad command syntax */
- #define E_BAD_ARG 3 /* invalid argument to option */
-@@ -728,7 +731,7 @@
- #ifdef AUTH_METHODS
- fprintf(stderr, _("[-A program] "));
- #endif
-- fprintf(stderr, _("[-p passwd] name\n"));
-+ fprintf(stderr, _("[-p passwd] [-n] [-r] name\n"));
-
- fprintf(stderr, _(" %s\t-D [-g group] [-b base] [-s shell]\n"),
- Prog);
-@@ -985,9 +988,14 @@
- {
- const struct passwd *pwd;
- uid_t uid_min, uid_max;
--
-- uid_min = getdef_num("UID_MIN", 100);
-+
-+ if (!rflg) {
-+ uid_min = getdef_num("UID_MIN", 500);
- uid_max = getdef_num("UID_MAX", 60000);
-+ } else {
-+ uid_min = 1;
-+ uid_max = 949;
-+ }
-
- /*
- * Start with some UID value if the user didn't provide us with
-@@ -1143,9 +1151,9 @@
- char *cp;
-
- #ifdef SHADOWPWD
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:Mnr"
- #else
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:Mnr"
- #endif
- while ((arg = getopt(argc, argv, FLAGS)) != EOF) {
- #undef FLAGS
-@@ -1278,6 +1286,9 @@
- case 'o':
- oflg++;
- break;
-+ case 'n':
-+ nflg++;
-+ break;
- case 'O':
- /*
- * override login.defs defaults (-O name=value)
-@@ -1304,6 +1315,9 @@
- }
- user_pass = optarg;
- break;
-+ case 'r': /* system account */
-+ rflg++;
-+ break;
- case 's':
- if (!VALID(optarg) || (optarg[0] &&
- (optarg[0] != '/' && optarg[0] != '*'))) {
-@@ -1329,7 +1343,9 @@
- * Certain options are only valid in combination with others.
- * Check it here so that they can be specified in any order.
- */
-- if ((oflg && !uflg) || (kflg && !mflg))
-+ if (kflg && !mflg)
-+ usage();
-+ if (mflg && Mflg)
- usage();
-
- /*
+--- shadow-4.5/libmisc/find_new_gid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_gid.c 2017-05-17 23:13:32.785253060 +0300
+@@ -61,8 +61,8 @@
+ /* A requested ID is allowed to be below the autoselect range */
+ *preferred_min = (gid_t) 1;
+
+- /* Get the minimum ID range from login.defs or default to 101 */
+- *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
++ /* Get the minimum ID range from login.defs or default to 10 */
++ *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL);
+
+ /*
+ * If SYS_GID_MAX is unspecified, we should assume it to be one
+--- shadow-4.5/libmisc/find_new_uid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_uid.c 2017-05-17 23:10:38.366687971 +0300
+@@ -61,8 +61,8 @@
+ /* A requested ID is allowed to be below the autoselect range */
+ *preferred_min = (uid_t) 1;
+
+- /* Get the minimum ID range from login.defs or default to 101 */
+- *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
++ /* Get the minimum ID range from login.defs or default to 1 */
++ *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+
+ /*
+ * If SYS_UID_MAX is unspecified, we should assume it to be one