-diff -Nur shadow-4.0.0.orig/src/groupadd.c shadow-4.0.0/src/groupadd.c
---- shadow-4.0.0.orig/src/groupadd.c Mon Oct 9 21:02:20 2000
-+++ shadow-4.0.0/src/groupadd.c Thu Oct 18 10:41:15 2001
-@@ -78,6 +78,8 @@
- static int oflg = 0; /* permit non-unique group ID to be specified with -g */
- static int gflg = 0; /* ID value for the new group */
- static int fflg = 0; /* if group already exists, do nothing and exit(0) */
-+static int rflg = 0; /* for adding system accounts */
-+#define MIN_GID 10
-
- #ifdef NDBM
- extern int gr_dbm_mode;
-@@ -108,7 +110,7 @@
- static void
- usage(void)
- {
-- fprintf(stderr, _("usage: groupadd [-g gid [-o]] group\n"));
-+ fprintf(stderr, _("usage: groupadd [-g gid [-o]] [-r] [-f] group\n"));
- exit(E_USAGE);
- }
-
-@@ -233,8 +235,13 @@
- const struct group *grp;
- gid_t gid_min, gid_max;
-
-- gid_min = getdef_num("GID_MIN", 100);
-+ if (!rflg) {
-+ gid_min = getdef_num("GID_MIN", 500);
- gid_max = getdef_num("GID_MAX", 60000);
-+ } else {
-+ gid_min = MIN_GID;
-+ gid_max = getdef_num("GID_MIN", 499);
-+ }
-
- /*
- * Start with some GID value if the user didn't provide us with
-@@ -344,7 +351,7 @@
- char *cp;
- int arg;
-
-- while ((arg = getopt(argc, argv, "og:O:f")) != EOF) {
-+ while ((arg = getopt(argc, argv, "og:O:fr")) != EOF) {
- switch (arg) {
- case 'g':
- gflg++;
-@@ -389,6 +396,12 @@
- */
- fflg++;
- break;
-+ case 'r':
-+ /*
-+ * create system group
-+ */
-+ rflg++;
-+ break;
- default:
- usage();
- }
-diff -Nur shadow-4.0.0.orig/src/useradd.c shadow-4.0.0/src/useradd.c
---- shadow-4.0.0.orig/src/useradd.c Fri Sep 7 17:12:54 2001
-+++ shadow-4.0.0/src/useradd.c Thu Oct 18 10:51:10 2001
-@@ -78,10 +78,10 @@
+--- shadow-4.0.16/lib/getdef.c~ 2006-06-08 00:19:27.452506888 +0300
++++ shadow-4.0.16/lib/getdef.c 2006-06-08 00:21:20.945057953 +0300
+@@ -59,6 +59,8 @@
+ {"FAKE_SHELL", NULL},
+ {"GID_MAX", NULL},
+ {"GID_MIN", NULL},
++ {"SYS_GID_MAX", NULL},
++ {"SYS_GID_MIN", NULL},
+ {"HUSHLOGIN_FILE", NULL},
+ {"KILLCHAR", NULL},
+ {"LOGIN_RETRIES", NULL},
+@@ -77,6 +79,8 @@
+ {"TTYTYPE_FILE", NULL},
+ {"UID_MAX", NULL},
+ {"UID_MIN", NULL},
++ {"SYS_UID_MAX", NULL},
++ {"SYS_UID_MIN", NULL},
+ {"UMASK", NULL},
+ {"USERDEL_CMD", NULL},
+ {"USERGROUPS_ENAB", NULL},
+--- shadow-4.0.6/src/useradd.c 2004-11-18 21:45:00.713398344 +0100
++++ shadow-4.0.16/src/useradd.c 2006-06-08 01:17:05.580340031 +0300
+@@ -72,10 +72,10 @@
/*
* These defaults are used if there is no defaults file.
*/
+static const char *def_home = "/home/users";
+static const char *def_shell = "/dev/null";
static const char *def_template = SKEL_DIR;
- #ifdef SHADOWPWD
- static long def_inactive = -1;
-@@ -93,7 +93,7 @@
+ static const char *def_create_mail_spool = "no";
+
+@@ -89,7 +89,7 @@
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
static const char *user_name = "";
static uid_t user_id;
static gid_t user_gid;
static const char *user_comment = "";
-@@ -122,10 +122,12 @@
- sflg = 0, /* shell program for new account */
- cflg = 0, /* comment (GECOS) field for new account */
- mflg = 0, /* create user's home directory if it doesn't exist */
-+ Mflg = 0, /* don't create user's home directory */
- kflg = 0, /* specify a directory to fill new user directory */
- fflg = 0, /* days until account with expired password is locked */
- eflg = 0, /* days since 1970-01-01 when account is locked */
- Dflg = 0, /* set/show new user default values */
-+ rflg = 0, /* system account */
- nflg = 0; /* create a group having the same name as the user */
+@@ -126,6 +126,7 @@
+ mflg = 0, /* create user's home directory if it doesn't exist */
+ nflg = 0, /* create a group having the same name as the user */
+ oflg = 0, /* permit non-unique user ID to be specified with -u */
++ rflg = 0, /* create system account (wuth lower uid) */
+ sflg = 0, /* shell program for new account */
+ uflg = 0; /* specify user ID for new account */
- #ifdef AUTH_METHODS
-@@ -179,6 +181,7 @@
- * exit status values
- */
- #define E_SUCCESS 0 /* success */
-+#define E_LOCKING 1 /* locking error */
- #define E_PW_UPDATE 1 /* can't update password file */
- #define E_USAGE 2 /* bad command syntax */
- #define E_BAD_ARG 3 /* invalid argument to option */
-@@ -728,7 +731,7 @@
- #ifdef AUTH_METHODS
- fprintf(stderr, _("[-A program] "));
- #endif
-- fprintf(stderr, _("[-p passwd] name\n"));
-+ fprintf(stderr, _("[-p passwd] [-n] [-r] name\n"));
+@@ -632,6 +633,7 @@
+ " (non-unique) UID\n"
+ " -p, --password PASSWORD use encrypted password for the new user\n"
+ " account\n"
++ " -r create a system account, with uid lower than usual\n"
+ " -s, --shell SHELL the login shell for the new user account\n"
+ " -u, --uid UID force use the UID for the new user account\n"));
+ exit (E_USAGE);
+@@ -833,6 +835,13 @@
- fprintf(stderr, _(" %s\t-D [-g group] [-b base] [-s shell]\n"),
- Prog);
-@@ -985,9 +988,14 @@
- {
- const struct passwd *pwd;
- uid_t uid_min, uid_max;
--
-- uid_min = getdef_num("UID_MIN", 100);
-+
+ uid_min = getdef_unum ("UID_MIN", 1000);
+ uid_max = getdef_unum ("UID_MAX", 60000);
+ if (!rflg) {
-+ uid_min = getdef_num("UID_MIN", 500);
- uid_max = getdef_num("UID_MAX", 60000);
++ uid_min = getdef_unum ("UID_MIN", 500);
++ uid_max = getdef_unum ("UID_MAX", 60000);
+ } else {
-+ uid_min = 1;
-+ uid_max = 949;
-+ }
++ uid_min = getdef_unum ("SYS_UID_MIN", 1);
++ uid_max = getdef_unum ("SYS_UID_MAX", 499);
++ }
/*
* Start with some UID value if the user didn't provide us with
-@@ -1143,9 +1151,9 @@
- char *cp;
+@@ -1016,7 +1025,7 @@
+ {NULL, 0, NULL, '\0'}
+ };
+ while ((c =
+- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMop:s:u:",
++ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMop:s:u:r",
+ long_options, NULL)) != -1) {
+ switch (c) {
+ case 'b':
+@@ -1169,6 +1178,9 @@
+ }
+ user_pass = optarg;
+ break;
++ case 'r': /* create system account */
++ rflg++;
++ break;
+ case 's':
+ if (!VALID (optarg)
+ || (optarg[0]
+--- shadow-4.0.16/src/groupadd.c~ 2006-06-09 21:23:35.786172809 +0300
++++ shadow-4.0.16/src/groupadd.c 2006-06-09 21:26:14.039716861 +0300
+@@ -72,6 +72,7 @@
+ static int oflg = 0; /* permit non-unique group ID to be specified with -g */
+ static int gflg = 0; /* ID value for the new group */
+ static int fflg = 0; /* if group already exists, do nothing and exit(0) */
++static int rflg = 0; /* add system group (with lower gid) */
- #ifdef SHADOWPWD
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:f:e:b:O:Mnr"
- #else
--#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:M"
-+#define FLAGS "A:Du:og:G:d:s:c:mk:p:b:O:Mnr"
- #endif
- while ((arg = getopt(argc, argv, FLAGS)) != EOF) {
- #undef FLAGS
-@@ -1278,6 +1286,9 @@
- case 'o':
- oflg++;
- break;
-+ case 'n':
-+ nflg++;
-+ break;
- case 'O':
- /*
- * override login.defs defaults (-O name=value)
-@@ -1304,6 +1315,9 @@
- }
- user_pass = optarg;
- break;
-+ case 'r': /* system account */
-+ rflg++;
-+ break;
- case 's':
- if (!VALID(optarg) || (optarg[0] &&
- (optarg[0] != '/' && optarg[0] != '*'))) {
-@@ -1329,7 +1343,9 @@
- * Certain options are only valid in combination with others.
- * Check it here so that they can be specified in any order.
- */
-- if ((oflg && !uflg) || (kflg && !mflg))
-+ if (kflg && !mflg)
-+ usage();
-+ if (mflg && Mflg)
- usage();
+ #ifdef NDBM
+ extern int gr_dbm_mode;
+@@ -104,6 +104,7 @@
+ " -h, --help display this help message and exit\n"
+ " -K, --key KEY=VALUE overrides /etc/login.defs defaults\n"
+ " -o, --non-unique allow create group with duplicate\n"
++ " -r create a system account, with gid lower than usual\n"
+ " (non-unique) GID\n"));
+ exit (E_USAGE);
+ }
+@@ -197,8 +198,13 @@
+ const struct group *grp;
+ gid_t gid_min, gid_max;
+
+- gid_min = getdef_unum ("GID_MIN", 1000);
+- gid_max = getdef_unum ("GID_MAX", 60000);
++ if (!rflg) {
++ gid_min = getdef_unum ("GID_MIN", 500);
++ gid_max = getdef_unum ("GID_MAX", 60000);
++ } else {
++ gid_min = getdef_unum ("SYS_GID_MIN", 10);
++ gid_max = getdef_unum ("SYS_GID_MAX", 499);
++ }
/*
+ * Start with some GID value if the user didn't provide us with
+@@ -412,7 +418,7 @@
+ };
+
+ while ((c =
+- getopt_long (argc, argv, "fg:hK:o", long_options,
++ getopt_long (argc, argv, "fg:hK:or", long_options,
+ &option_index)) != -1) {
+ switch (c) {
+ case 'f':
+@@ -463,6 +469,10 @@
+ case 'o':
+ oflg++;
+ break;
++ case 'r':
++ /* create system group */
++ rflg++;
++ break;
+ default:
+ usage ();
+ }
+--- shadow-4.0.16/man/groupadd.8~ 2006-06-09 23:20:28.053339201 +0300
++++ shadow-4.0.16/man/groupadd.8 2006-06-09 23:22:17.115785750 +0300
+@@ -14,7 +14,7 @@
+ groupadd \- create a new group
+ .SH "SYNOPSIS"
+ .HP 9
+-\fBgroupadd\fR [\-g\ \fIGID\fR\ [\-o]] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR
++\fBgroupadd\fR [\-g\ \fIGID\fR\ [\-o]] [\-f] [\-r] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR
+ .SH "DESCRIPTION"
+ .PP
+ The
+@@ -58,6 +58,10 @@
+ .TP 3n
+ \fB\-o\fR
+ This option permits to add group with non\-unique GID.
++.TP 3n
++\fB-r\fR
++This flag is used to create a system group, with gid lower than usual
++(chosen between SYS_GID_MIN and SYS_GID_MAX).
+ .SH "FILES"
+ .TP 3n
+ \fI/etc/group\fR
+--- shadow-4.0.16/man/useradd.8~ 2006-06-09 23:05:41.393444193 +0300
++++ shadow-4.0.16/man/useradd.8 2006-06-09 23:05:43.273486388 +0300
+@@ -118,6 +118,9 @@
+ The encrypted password, as returned by
+ \fBcrypt\fR(3). The default is to disable the account.
+ .TP 3n
++\fB-r\fR
++The number of days after a password has expired before the account will be disabled.
++.TP 3n
+ \fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR
+ The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell.
+ .TP 3n
+--- shadow-4.0.16/man/pl/groupadd.8~ 2006-06-09 21:27:27.071352380 +0300
++++ shadow-4.0.16/man/pl/groupadd.8 2006-06-09 21:29:35.034218035 +0300
+@@ -29,7 +29,7 @@
+ .SH NAZWA
+ groupadd \- twórz nową grupę
+ .SH SKŁADNIA
+-\fBgroupadd\fR [\fB\-g\fR \fIgid\fR [\fB\-o\fR]] [\fB\-f\fR] \fIgrupa\fR
++\fBgroupadd\fR [\fB\-g\fR \fIgid\fR [\fB\-o\fR]] [\fB\-f\fR] [\fB-r\fR] \fIgrupa\fR
+ .SH OPIS
+ Polecenie \fBgroupadd\fR tworzy nowe konto grupy posługując się
+ wartościami podanymi w wierszu poleceń i domyślnymi wartościami z systemu.
+@@ -42,6 +42,10 @@
+ podana groupa już istnieje. Z opcją \fB\-g\fR, jeśli podany gid już istnieje,
+ wybierany jest inny (unikalny) gid (czyli \fB\-g\fR jest wyłączane).
+ .TP
++.BI -r
++Ta opcja s¿u¿y do zak¿adania grup systemowych, z identyfikatorami ni¿szymi
++ni¿ zwykle (wybieranymi z przedzia¿u od SYS_GID_MIN do SYS_GID_MAX).
++.TP
+ .BI \-g " gid"
+ Numeryczna wartość identyfikatora grupy. Wartość ta musi być niepowtarzalna,
+ chyba że użyto opcji \fB\-o\fR. Wartość ID grupy nie może być ujemna. Domyślnie
+--- shadow-4.0.16/man/pl/useradd.8~ 2006-06-09 22:52:54.696249131 +0300
++++ shadow-4.0.16/man/pl/useradd.8 2006-06-09 23:00:57.427074349 +0300
+@@ -98,6 +98,9 @@
+ .IP "\fB\-p\fR \fIpasswd\fR"
+ Zakodowane hasło w postaci zwracanej przez \fBcrypt\fR(3).
+ Domyślnym działaniem jest blokowanie konta.
++.IP \fB-r\fR
++Tworzenie konta systemowego, z identyfikatorem ni¿szym ni¿ zwykle
++(wybieranym z przedzia¿u od SYS_UID_MIN do SYS_UID_MAX).
+ .IP "\fB\-s\fR \fIpowłoka\fR"
+ Nazwa powłoki (shell) użytkownika. Ustawienie tego pola na puste
+ powoduje, że system wybierze domyślną powłokę logowania.