Comment 8 for bug 1321854

I found a possible culprit. Patch debian/patches/1000_configure_userns swaps the order of `get_defaults`* and `process_flags`, but it's the job of `process_flags` to read the defaults if they weren't overridden on the command line. For instance, `process_flags` contains

```
        if (!gflg) {
                user_gid = def_group;
        }

        if (!sflg) {
                user_shell = def_shell;
        }
```

In fact, `process_flags` will end up doing that, but with the compiled-in defaults. I'm not 100% sure I understand the patched code, but ***maybe*** the fix is as simple as restoring the order of instructions, including of `is_sub_gid`; but I haven't read the logic for `is_sub_gid`.

Here's the guilty patch fragment (not applicable):
```
--- shadow.orig/src/useradd.c 2014-02-16 19:31:38.934898148 -0500
+++ shadow/src/useradd.c 2014-02-16 19:31:38.926898149 -0500
[...]
-
- get_defaults ();

        process_flags (argc, argv);

+ is_sub_uid = sub_uid_file_present () && !rflg &&
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
+ is_sub_gid = sub_gid_file_present () && !rflg &&
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
+
+ get_defaults ();
+
```

*I'm using Markdown syntax to distinguish code and text.