From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Mon, 15 Dec 2025 09:22:17 +0000 (+0100)
Subject: newusers: Allow creation without aging information
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5c03d66c052d1a089f2612e7e3e36fe645536ba;p=thirdparty%2Fshadow.git

newusers: Allow creation without aging information

If PASS_MAX_DAYS is not set, newusers falls back to 10000 days, which is
considered "unlimited" in some parts of the source tree. All other tools
fall back to -1, which truely implies unlimited.

Sync newusers with all other shadow tools.

How to reproduce:

1. Remove or comment out PASS_MAX_DAYS from /etc/login.defs
2. Run `newusers <<< user:pass:1234:1234::/home/user:/bin/bash`
3. Check user line in /etc/shadow
```
/etc/shadow:user:HASH:19721:0:10000:7:::
```

Max days are set to 10000. Instead, this should be:

```
/etc/shadow:user:HASH:19721:0::7:::
```

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/src/newusers.c b/src/newusers.c
index 2e69f2c99..ab16a219c 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -616,8 +616,7 @@ add_passwd(struct passwd *pwd, MAYBE_UNUSED const char *password)
 		spent.sp_lstchg = -1;
 	}
 	spent.sp_min    = getdef_num ("PASS_MIN_DAYS", 0);
-	/* 10000 is infinity this week */
-	spent.sp_max    = getdef_num ("PASS_MAX_DAYS", 10000);
+	spent.sp_max    = getdef_num ("PASS_MAX_DAYS", -1);
 	spent.sp_warn   = getdef_num ("PASS_WARN_AGE", -1);
 	spent.sp_inact  = -1;
 	spent.sp_expire = -1;