-diff -Nur shadow-4.0.3/src/groupadd.c shadow-4.0.3.new/src/groupadd.c
---- shadow-4.0.3/src/groupadd.c 2002-01-06 15:09:07.000000000 +0100
-+++ shadow-4.0.3.new/src/groupadd.c 2003-05-27 20:26:20.000000000 +0200
-@@ -71,6 +71,9 @@
- static int oflg = 0; /* permit non-unique group ID to be specified with -g */
- static int gflg = 0; /* ID value for the new group */
- static int fflg = 0; /* if group already exists, do nothing and exit(0) */
-+static int rflg = 0; /* for adding system accounts */
-+#define MIN_GID 10
-+
-
- #ifdef NDBM
- extern int gr_dbm_mode;
-@@ -98,7 +101,7 @@
-
- static void usage (void)
- {
-- fprintf (stderr, _("usage: groupadd [-g gid [-o]] group\n"));
-+ fprintf(stderr, _("usage: groupadd [-g gid [-o]] [-r] [-f] group\n"));
- exit (E_USAGE);
- }
-
-@@ -224,9 +227,14 @@
- const struct group *grp;
- gid_t gid_min, gid_max;
-
-- gid_min = getdef_unum ("GID_MIN", 100);
-- gid_max = getdef_unum ("GID_MAX", 60000);
--
-+ if (!rflg) {
-+ gid_min = getdef_num("GID_MIN", 500);
-+ gid_max = getdef_num("GID_MAX", 60000);
-+ } else {
-+ gid_min = MIN_GID;
-+ gid_max = getdef_num("GID_MIN", 499);
-+ }
-+
- /*
- * Start with some GID value if the user didn't provide us with
- * one already.
-@@ -333,7 +341,7 @@
- char *cp;
- int arg;
-
-- while ((arg = getopt (argc, argv, "og:O:f")) != EOF) {
-+ while ((arg = getopt(argc, argv, "og:O:fr")) != EOF) {
- switch (arg) {
- case 'g':
- gflg++;
-@@ -379,6 +387,14 @@
- */
- fflg++;
- break;
-+ case 'r':
-+ /*
-+ * create system group
-+ */
-+ rflg++;
-+ break;
-+
-+
- default:
- usage ();
- }
-diff -Nur shadow-4.0.3/src/useradd.c shadow-4.0.3.new/src/useradd.c
---- shadow-4.0.3/src/useradd.c 2002-01-10 14:01:28.000000000 +0100
-+++ shadow-4.0.3.new/src/useradd.c 2003-05-27 20:36:40.000000000 +0200
-@@ -71,10 +71,10 @@
+--- shadow-4.0.6/src/useradd.c 2004-11-18 21:45:00.713398344 +0100
++++ shadow-4.0.16/src/useradd.c 2006-06-08 01:17:05.580340031 +0300
+@@ -72,10 +72,10 @@
/*
* These defaults are used if there is no defaults file.
*/
-static const char *def_home = "/home";
-static const char *def_shell = "";
+static const char *def_home = "/home/users";
-+static const char *def_shell = "/dev/null";
++static const char *def_shell = "/sbin/nologin";
static const char *def_template = SKEL_DIR;
+ static const char *def_create_mail_spool = "no";
- #ifdef SHADOWPWD
-@@ -87,7 +87,7 @@
+@@ -89,7 +89,7 @@
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
static const char *user_name = "";
static uid_t user_id;
static gid_t user_gid;
static const char *user_comment = "";
-@@ -118,9 +118,11 @@
- Gflg = 0, /* secondary group set for new account */
- kflg = 0, /* specify a directory to fill new user directory */
- mflg = 0, /* create user's home directory if it doesn't exist */
-+ Mflg = 0, /* don't create user's home directory */
- nflg = 0, /* create a group having the same name as the user */
- oflg = 0, /* permit non-unique user ID to be specified with -u */
- sflg = 0, /* shell program for new account */
-+ rflg = 0, /* system account */
- uflg = 0; /* specify user ID for new account */
-
- #ifdef AUTH_METHODS
-@@ -177,6 +179,7 @@
- * exit status values
- */
- #define E_SUCCESS 0 /* success */
-+#define E_LOCKING 1 /* locking error */
- #define E_PW_UPDATE 1 /* can't update password file */
- #define E_USAGE 2 /* bad command syntax */
- #define E_BAD_ARG 3 /* invalid argument to option */
-@@ -747,7 +750,7 @@
- #ifdef AUTH_METHODS
- fprintf (stderr, _("[-A program] "));
- #endif
-- fprintf (stderr, _("[-p passwd] name\n"));
-+ fprintf(stderr, _("[-p passwd] [-r] name\n"));
-
- fprintf (stderr,
- _(" %s\t-D [-g group] [-b base] [-s shell]\n"),
-@@ -1006,9 +1009,15 @@
- const struct passwd *pwd;
- uid_t uid_min, uid_max;
-
-- uid_min = getdef_unum ("UID_MIN", 100);
-- uid_max = getdef_unum ("UID_MAX", 60000);
--
-+ if (!rflg) {
-+ uid_min = getdef_unum("UID_MIN", 500);
-+ uid_max = getdef_unum("UID_MAX", 60000);
-+ } else {
-+ uid_min = 1;
-+ uid_max = 949;
-+ }
-+
-+
- /*
- * Start with some UID value if the user didn't provide us with
- * one already.
-@@ -1160,9 +1169,9 @@
- char *cp;
-
- #ifdef SHADOWPWD
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:Mnr"
- #else
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:Mnr"
- #endif
- while ((arg = getopt (argc, argv, FLAGS)) != EOF) {
- #undef FLAGS
-@@ -1328,6 +1337,9 @@
- }
- user_pass = optarg;
- break;
-+ case 'r': /* system account */
-+ rflg++;
-+ break;
- case 's':
- if (!VALID (optarg) || (optarg[0] &&
- (optarg[0] != '/'
-@@ -1355,7 +1367,9 @@
- * Certain options are only valid in combination with others.
- * Check it here so that they can be specified in any order.
- */
-- if ((oflg && !uflg) || (kflg && !mflg))
-+ if (kflg && !mflg)
-+ usage();
-+ if (mflg && Mflg)
- usage ();
-
- /*
+--- shadow-4.5/libmisc/find_new_gid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_gid.c 2017-05-17 23:13:32.785253060 +0300
+@@ -61,8 +61,8 @@
+ /* A requested ID is allowed to be below the autoselect range */
+ *preferred_min = (gid_t) 1;
+
+- /* Get the minimum ID range from login.defs or default to 101 */
+- *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
++ /* Get the minimum ID range from login.defs or default to 10 */
++ *min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 10UL);
+
+ /*
+ * If SYS_GID_MAX is unspecified, we should assume it to be one
+--- shadow-4.5/libmisc/find_new_uid.c~ 2017-01-29 22:37:22.000000000 +0200
++++ shadow-4.5/libmisc/find_new_uid.c 2017-05-17 23:10:38.366687971 +0300
+@@ -61,8 +61,8 @@
+ /* A requested ID is allowed to be below the autoselect range */
+ *preferred_min = (uid_t) 1;
+
+- /* Get the minimum ID range from login.defs or default to 101 */
+- *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
++ /* Get the minimum ID range from login.defs or default to 1 */
++ *min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+
+ /*
+ * If SYS_UID_MAX is unspecified, we should assume it to be one