Comment 4 for bug 1323732

does nss-altfiles allow us to keep a readonly locked down /etc/passwd|shadow|group|gshadow ? it is pretty essential that adduser can not change system accounts that are in one of the above files in our readonly setup, can nss-altfiles provide such a level of lockdown ?