Pierre Warnier 7cc7c463cb passwd: implement -S, -l, -u, -d, -e, -n, -x, -w, -i, -P flags
Full drop-in replacement for GNU passwd administrative operations:
- Status display (-S, -Sa) with correct L/NP/P output format
- Lock (-l): prepend ! to shadow password hash
- Unlock (-u): remove leading ! with safety checks
- Delete (-d): set password to empty (passwordless account)
- Expire (-e): set last_change to 0 (force change at next login)
- Aging fields (-n/-x/-w/-i): set min/max/warn/inactive days
- Prefix (-P): operate on files under a prefix directory
- Correct exit codes (0-6) matching GNU passwd spec
- Mutual exclusion between conflicting flags via clap

shadow-core modules implemented:
- lock: file locking with .lock files, stale detection, PID tracking
- login_defs: /etc/login.defs KEY VALUE parser
- nscd: cache invalidation (nscd + sssd)
- sysroot: --prefix path resolver for testable file operations
- shadow: ShadowEntry helper methods (lock/unlock/delete/expire/status)

48 tests passing on Debian/Alpine/Fedora, zero clippy warnings.

Not yet implemented: PAM password change (default operation), --root
(chroot), --keep-tokens, --stdin, --repository.
2026-03-23 12:36:29 +01:00
2026-03-23 10:56:43 +01:00

shadow-rs

Memory-safe Rust reimplementation of Linux shadow-utils (useradd, passwd, groupadd, etc.)

S
Description
No description provided
Readme MIT 870 KiB
Languages
Rust 94.8%
Shell 4.7%
Makefile 0.3%
Fluent 0.2%