Product SiteDocumentation Site

1.189. shadow-utils

1.189.1. RHBA-2010:0209: bug fix update

An updated shadow-utils package that fixes several bugs is now available.
The shadow-utils package includes programs for converting UNIX password files to the shadow password format, as well as tools for managing user and group accounts.
The updated shadow-utils package fixes the following bugs:
* shadow-utils package updates would overwrite the /etc/default/useradd directory. This would cause site configuration settings to be lost. Updates no longer overwrite the /etc/default/useradd directory, and site configuration changes are maintained. (BZ#510102)
* the newusers utility allows a batch of new users to be created and updated. The utility was not checking the range of generated UIDs (user identifiers) or GIDs (group identifiers). When used on AMD64 and Intel 64 systems, identifiers could be negative numbers outside the valid range of 500 to 60,000. The newusers utility now checks the range of generated UIDs and GIDs so that they do not appear outside the valid range. (BZ#306241)
* the newusers utility failed if a specified parent directory did not exist. The error message, 'mkdir failed', did not detail the cause of the failure. The newusers utility has been updated to note when the parent directory does not exist, and the manual page now emphasizes how non-existent parent directories are dealt with. The behavior of the newusers utility in this situation is now clearer. (BZ#461455)
* the useradd utility is used to create or update a new user's default information. The useradd utility did not recognize the base directory option (-b, --base-dir), and commands using this option would not succeed. The useradd utility has been updated to recognize the base directory option properly, and useradd commands now work as expected. (BZ#469158)
* the useradd utility did not reset the error number variable before checking function return values. As a consequence, error numbers could be affected by retained values, and the utility would fail with 'invalid numeric argument'. The error number variable is now reset before each function call, and error numbers in the useradd utility are reported correctly. (BZ#487575)
* the useradd utility handled the creation of UIDs differently on x86 and PowerPC 64 architectures than it did on others. As a consequence, UIDs greater than 2147483647 were rejected on these systems. The useradd utility now treats UIDs the same across architectures, and large UIDs are not rejected on x86 and PowerPC 64 architectures. (BZ#505033)
* the usermod utility allows a user account to be modified. The usermod utility did not support LDAP (Lightweight Directory Access Protocol) users, despite support in other utilities. As a result, the usermod utility could not add LDAP users to local groups. LDAP support has now been added to the usermod utility, and LDAP users can be added to local groups. (BZ#449154)
* the restorecon command sets file security contexts. The usermod utility was calling the restorecon command every time a user's home directory was changed. This would result in an error if expected files no longer existed. The restorecon command is no longer called by the usermod utility, and changing a user's home directory succeeds as expected. (BZ#494575)
* the faillog utility displays failure logs and sets login failure limits. When the utility was used with the print option (-p), the log was read sequentially to print in UID order. This was unnecessary and caused long print times. The faillog utility has been updated to print without ordering, and printing now completes in an acceptable time. (BZ#473054)
* the grpconv utility converts shadow passwords and groups. The utility was not checking whether duplicate group entries existed in the /etc/group directory. Running the utility with duplicate entries would consume too much memory. The grpconv utility now checks for duplicate group entries in the /etc/group directory, and excess memory is no longer consumed. (BZ#507706)
All users of shadow-utils are advised to upgrade to this updated package, which resolves these issues.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.