There is no need for pam_tally2 in --reset=0 mode to create a missing tallylog file because its absence has the same meaning as its existence with the appropriate entry reset. This was not a big deal until useradd(8) from shadow suite release 4.5 started to invoke /sbin/pam_tally2 --reset routinely regardless of PAM configuration. The positive effect of this change is noticeable when using tools like cpio(1) that cannot archive huge sparse files efficiently. * modules/pam_tally2/pam_tally2.c [MAIN] (main) <cline_user>: Stat cline_filename when cline_reset == 0, exit early if the file is missing. ---  modules/pam_tally2/pam_tally2.c | 12 ++++++++++++  1 file changed, 12 insertions(+) diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c index 9f3bebe..da1c048 100644 --- a/modules/pam_tally2/pam_tally2.c +++ b/modules/pam_tally2/pam_tally2.c @@ -959,6 +959,18 @@ main( int argc UNUSED, char **argv )        exit(1);      }   +    if (cline_reset == 0) { +      struct stat st; + +      if (stat(cline_filename, &st) && errno == ENOENT) { + if (!cline_quiet) { +   memset(&tally, 0, sizeof(tally)); +   print_one(&tally, uid); + } + return 0; /* no file => nothing to reset */ +      } +    } +      i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0);      if ( i != PAM_SUCCESS ) {        if (tfile != -1)