libnss_extrausers:

With the following lines in /etc/nsswitch.conf

passwd:         compat extrausers
group:          compat extrausers
shadow:         compat extrausers

and /lib/libnss_extrausers.so.2 from this package, glibc will
not only look in /etc/{passwd,shadow,group} but also in
/var/lib/extrausers/{passwd,shadow,group}. It will limit itself
to uids and gids of at least 500 - where detectable - to avoid
root or system account access. (As an exception, users with
gid 100 are also allowed; see below.)

Since version 0.2, lines starting with # are ignored.

Since version 0.3, gid 100 is also allowed, because that is
the "users" group on Debian systems. This lets people put users
in that group instead of their own, without needing a special
group with gid >= 500 for that (though I strongly discourage
not giving every user their own group by default).

Security considerations:
	Always list extrausers after compat in nsswitch.conf,
	otherwise it could overwrite the shadow password for root.
	(shadow entries have no uids, so this cannot be ruled out.)

	If someone is able to place terminals in place of the
	files, that could cause all programs to get a new
	controlling terminal, making DoS attacks possible.
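
An audit sketch for the points above, added here as an example and not part
of this package: it checks the service order in nsswitch.conf, flags entries
below the uid/gid limits, flags shadow names that collide with system
accounts, and checks that a path is a regular file. The function names and
the way the limits are applied to passwd lines are assumptions.

```python
import os
import stat

MIN_ID = 500      # lower bound for uids/gids stated in the README
USERS_GID = 100   # "users" group, allowed since version 0.3

def nsswitch_misordered(text):
    """Databases where extrausers is listed without compat before it."""
    bad = []
    for line in text.splitlines():
        db, sep, services = line.split("#", 1)[0].partition(":")
        svc = services.split()
        if sep and "extrausers" in svc:
            if "compat" not in svc[:svc.index("extrausers")]:
                bad.append(db.strip())
    return bad

def _entries(text):
    """Yield (line number, fields), skipping blank and '#' lines."""
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.startswith("#"):
            yield n, line.split(":")

def low_ids(passwd_text):
    """(line, name) for passwd entries below the README's uid/gid limits."""
    out = []
    for n, f in _entries(passwd_text):
        try:
            uid, gid = int(f[2]), int(f[3])
        except (IndexError, ValueError):
            out.append((n, f[0]))  # malformed: report for manual review
            continue
        if uid < MIN_ID or (gid < MIN_ID and gid != USERS_GID):
            out.append((n, f[0]))
    return out

def shadow_collisions(shadow_text, system_names):
    """shadow has no uids, so flag names that also exist in /etc/passwd."""
    return [f[0] for _, f in _entries(shadow_text) if f[0] in system_names]

def is_regular_file(path):
    """False for ttys, devices, FIFOs and symlinks (lstat: links not followed)."""
    return stat.S_ISREG(os.lstat(path).st_mode)

if __name__ == "__main__":
    # Constructed sample input, not taken from a real system.
    conf = "passwd: compat extrausers\nshadow: extrausers compat\n"
    pw = "# extra\nalice:x:1001:1001::/home/alice:/bin/sh\nsvc:x:0:0::/:/bin/sh\n"
    print(nsswitch_misordered(conf))
    print(low_ids(pw))
    print(shadow_collisions("root:!:19000::::::\n", {"root", "daemon"}))
    print(is_regular_file("/etc/passwd"))
```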

