--- /dev/null
+diff -Nur shadow-4.1.4.2_orig/libmisc/find_new_gid.c shadow-4.1.4.2/libmisc/find_new_gid.c
+--- shadow-4.1.4.2_orig/libmisc/find_new_gid.c 2009-07-17 23:53:42.000000000 +0000
++++ shadow-4.1.4.2/libmisc/find_new_gid.c 2009-08-03 18:16:37.000000000 +0000
+@@ -58,11 +58,11 @@
+ assert (gid != NULL);
+
+ if (!sys_group) {
+- gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
++ gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
+ gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
+ } else {
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
+- gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
++ gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
+ gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
+ }
+ used_gids = alloca (sizeof (bool) * (gid_max +1));
+diff -Nur shadow-4.1.4.2_orig/libmisc/find_new_uid.c shadow-4.1.4.2/libmisc/find_new_uid.c
+--- shadow-4.1.4.2_orig/libmisc/find_new_uid.c 2009-07-17 23:53:43.000000000 +0000
++++ shadow-4.1.4.2/libmisc/find_new_uid.c 2009-08-03 18:17:20.000000000 +0000
+@@ -58,11 +58,11 @@
+ assert (uid != NULL);
+
+ if (!sys_user) {
+- uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
++ uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ } else {
+ uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
+- uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
++ uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
+ uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
+ }
+ used_uids = alloca (sizeof (bool) * (uid_max +1));
+diff -Nur shadow-4.1.4.2_orig/src/useradd.c shadow-4.1.4.2/src/useradd.c
+--- shadow-4.1.4.2_orig/src/useradd.c 2009-06-05 22:16:58.000000000 +0000
++++ shadow-4.1.4.2/src/useradd.c 2009-08-03 18:26:31.000000000 +0000
+@@ -90,7 +90,7 @@
+ static gid_t def_group = 100;
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+-static const char *def_shell = "";
++static const char *def_shell = "/sbin/nologin";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_create_mail_spool = "no";
+
+@@ -102,7 +102,7 @@
+ #define VALID(s) (strcspn (s, ":\n") == strlen (s))
+
+ static const char *user_name = "";
+-static const char *user_pass = "!";
++static const char *user_pass = "!!";
+ static uid_t user_id;
+ static gid_t user_gid;
+ static const char *user_comment = "";
+@@ -989,9 +989,9 @@
+ };
+ while ((c = getopt_long (argc, argv,
+ #ifdef WITH_SELINUX
+- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
++ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:",
+ #else
+- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
++ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U",
+ #endif
+ long_options, NULL)) != -1) {
+ switch (c) {
+@@ -1141,6 +1141,7 @@
+ case 'M':
+ Mflg = true;
+ break;
++ case 'n':
+ case 'N':
+ Nflg = true;
+ break;