diff --git a/pkg/shadow/build b/pkg/shadow/build
index 3a1c1cd..8bf6bc9 100755
--- a/pkg/shadow/build
+++ b/pkg/shadow/build
@@ -7,9 +7,6 @@ DEPENDS="toolchain"
 
 prepare() {
 	sed -i 's/groups$(EXEEXT) //' src/Makefile.in
-
-	sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
-		-e 's@/var/spool/mail@/var/mail@' etc/login.defs
 }
 
 build() {
@@ -25,8 +22,8 @@ deploy() {
 
 	make DESTDIR="$DEPLOY" install
 	cp "$SCRIPTDIR/pkg/$PKGNAME/rootfs_files.txt" "$DEPLOY"
-
-	sed -i -e 's@HOME=/home@HOME=/usr@g' $DEPLOY/etc/default/useradd
+	cp "$SCRIPTDIR/pkg/$PKGNAME/login.defs" "$DEPLOY/etc"
+	cp "$SCRIPTDIR/pkg/$PKGNAME/useradd" "$DEPLOY/etc/default"
 
 	# *hrmpf*
 	if [ -e "$DEPLOY/sbin" ]; then
diff --git a/pkg/shadow/login.defs b/pkg/shadow/login.defs
new file mode 100644
index 0000000..1543bd6
--- /dev/null
+++ b/pkg/shadow/login.defs
@@ -0,0 +1,57 @@
+FAIL_DELAY		3
+FAILLOG_ENAB		yes
+LOG_UNKFAIL_ENAB	no
+LOG_OK_LOGINS		no
+LASTLOG_ENAB		yes
+MAIL_CHECK_ENAB		no
+OBSCURE_CHECKS_ENAB	yes
+PORTTIME_CHECKS_ENAB	yes
+QUOTAS_ENAB		yes
+SYSLOG_SU_ENAB		yes
+SYSLOG_SG_ENAB		yes
+CONSOLE		/etc/securetty
+SULOG_FILE	/var/log/sulog
+MOTD_FILE	/etc/motd
+FTMP_FILE	/var/log/btmp
+NOLOGINS_FILE	/etc/nologin
+SU_NAME		su
+MAIL_DIR	/var/mail
+HUSHLOGIN_FILE	.hushlogin
+ENV_HZ		HZ=100
+ENV_SUPATH	PATH=/bin
+ENV_PATH	PATH=/bin
+TTYGROUP	tty
+TTYPERM		0600
+ERASECHAR	0177
+KILLCHAR	025
+UMASK		077
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_MIN_LEN	5
+PASS_WARN_AGE	7
+SU_WHEEL_ONLY	no
+CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
+UID_MIN			 1000
+UID_MAX			60000
+SYS_UID_MIN		  101
+SYS_UID_MAX		  999
+SUB_UID_MIN		   100000
+SUB_UID_MAX		600100000
+SUB_UID_COUNT		    65536
+GID_MIN			 1000
+GID_MAX			60000
+SYS_GID_MIN		  101
+SYS_GID_MAX		  999
+SUB_GID_MIN		   100000
+SUB_GID_MAX		600100000
+SUB_GID_COUNT		    65536
+LOGIN_RETRIES		5
+LOGIN_TIMEOUT		60
+PASS_CHANGE_TRIES	5
+PASS_ALWAYS_WARN	yes
+CHFN_AUTH		yes
+CHFN_RESTRICT		rwh
+ENCRYPT_METHOD SHA512
+DEFAULT_HOME	yes
+ENVIRON_FILE	/etc/environment
+USERGROUPS_ENAB yes
diff --git a/pkg/shadow/useradd b/pkg/shadow/useradd
new file mode 100644
index 0000000..f486d31
--- /dev/null
+++ b/pkg/shadow/useradd
@@ -0,0 +1,7 @@
+# useradd defaults file
+HOME=/usr
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no