First release under the uutils organization.

Highlights

• Repo transferred from shadow-utils-rs/shadow-rs to uutils/shadow-rs
• uucore 0.8 — aligned with latest uutils ecosystem
• nix → rustix — full migration, raw syscalls without libc overhead
• Standalone per-tool install — make install now installs 14 individual binaries with least-privilege setuid layout matching GNU shadow-utils (#138)
• Non-panicking I/O — all println!/eprintln! replaced with graceful writes (#141)
• Unwind tables suppressed — no binary layout leakage from setuid-root tools (#143)
• NSS-backed user lookup — getpwuid_r for LDAP/SSSD/systemd-homed compatibility (#147)
• 35+ security findings addressed across 6 review rounds (Copilot + Gemini)

Full changelog

See CHANGELOG.md for the complete list.

shadow-rs v0.1.0

Memory-safe Rust reimplementation of all 14 Linux shadow-utils tools. Drop-in replacement for GNU shadow-utils.

Tools

passwd useradd userdel usermod groupadd groupdel groupmod pwck grpck chage chpasswd chfn chsh newgrp

Highlights

• Single multicall binary — 894 KB stripped, 4x faster than GNU
• 562 tests — unit, integration (all 14 tools), property-based, 4 fuzz targets
• Zero unsafe code outside FFI — unsafe_code = "deny" enforced at workspace level
• Security hardened — atomic file writes, password zeroing (zeroize), core dump suppression, env sanitization, audit logging, SELinux support
• 3-distro CI — Debian (glibc), Alpine (musl), Fedora (SELinux)
• Packaging — Makefile with setuid, Debian .deb, Fedora .rpm
• MIT license — GPL clean-room development, no GPL source referenced
• Reviewed — GitHub Copilot (automated) + Google Gemini CLI (manual security audit)

Install

# From source
cargo build --release
sudo make install

# Docker test
docker compose run --rm debian cargo test --workspace

What's next

• v0.2.0: Shell completions (clap_complete), Landlock filesystem restriction
• Future: uutils ecosystem integration (Path A)

See CHANGELOG.md for full details.