I found a possible culprit. Patch debian/patches/1000_configure_userns swaps the order of `get_defaults`* and `process_flags`, but it's the job of `process_flags` to read the defaults if they weren't overridden on the command line. For instance, `process_flags` contains
```
if (!gflg) {
	user_gid = def_group;
}
if (!sflg) {
	user_shell = def_shell;
}
```
In fact, `process_flags` will end up doing that, but with the compiled-in defaults. I'm not 100% sure I understand the patched code, but ***maybe*** the fix is as simple as restoring the order of instructions, including of `is_sub_gid`; but I haven't read the logic for `is_sub_gid`.
Here's the guilty patch fragment (not applicable): orig/src/useradd.c 2014-02-16 19:31:38.934898148 -0500 src/useradd.c 2014-02-16 19:31:38.926898149 -0500
```
--- shadow.
+++ shadow/
[...]
-
- get_defaults ();
+ is_sub_uid = sub_uid_ file_present () && !rflg && file_present () && !rflg &&
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
+ is_sub_gid = sub_gid_
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
+
+ get_defaults ();
+
```
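Review bot: `get_defaults ();` is deleted from its earlier position and re-added only after the new `is_sub_uid` / `is_sub_gid` assignments, so anything that runs between the two positions and reads `def_group` or `def_shell` now sees the compiled-in values; the comment above names `process_flags` as such a reader. Unless the move is required, keep `get_defaults ();` where it was and add the two assignments without touching it, or state in the patch description why the call has to move. A regression check that creates a user without `-g`/`-s` and compares the result with the configured defaults would catch this.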
*I'm using Markdown syntax to distinguish code and text.
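The ordering problem described in this comment, reduced to a small model (an added example, not code from shadow or from the comment's author). The variable names follow the snippet quoted above; `resolve`, `file_shell`, the defaults-file text and the compiled-in values are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compiled-in defaults: constructed values, not shadow's real ones. */
static long def_group = 1;
static const char *def_shell = "";
static char file_shell[64];   /* storage for a SHELL= value read from the file */

static long user_gid;
static const char *user_shell;
static int gflg, sflg;        /* set when -g / -s are given on the command line */

/* Model of get_defaults(): overlay values from the defaults file.
 * The file content is passed as a string so the example runs offline. */
static void get_defaults(const char *text) {
    const char *p = strstr(text, "GROUP=");
    if (p) def_group = strtol(p + 6, NULL, 10);
    p = strstr(text, "SHELL=");
    if (p && sscanf(p + 6, "%63[^\n]", file_shell) == 1) def_shell = file_shell;
}

/* Model of the process_flags() fallback quoted in the comment. */
static void process_flags(void) {
    if (!gflg) user_gid = def_group;
    if (!sflg) user_shell = def_shell;
}

/* Returns the shell the new account would get; *gid receives its group.
 * defaults_first = 1 is the original call order, 0 the order after the patch. */
static const char *resolve(int defaults_first, const char *file, long *gid) {
    def_group = 1; def_shell = "";   /* reset to compiled-in values */
    gflg = sflg = 0;                 /* neither -g nor -s given */
    if (defaults_first) { get_defaults(file); process_flags(); }
    else                { process_flags(); get_defaults(file); }
    *gid = user_gid;
    return user_shell;
}

int main(void) {
    const char *file = "GROUP=100\nSHELL=/bin/bash\n";  /* constructed sample */
    long gid;
    const char *sh = resolve(1, file, &gid);
    printf("get_defaults first:  gid=%ld shell=\"%s\"\n", gid, sh);
    sh = resolve(0, file, &gid);
    printf("process_flags first: gid=%ld shell=\"%s\"\n", gid, sh);
    return 0;
}
```

With the swapped order the configured group and shell are silently ignored, which is the kind of result a packaging test can assert on after creating a user without `-g` or `-s`.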