Hello I was helping triaging apache2 bugs reports in Debian and found that one: http://bugs.debian.org/564722 > Running "htdigest -c <file> <domain> <user>" provides inconsistent > results, sometimes removing entries for this or another <user> and > othertimes doubling up entries for <user>. I suggest that invoking the > command in this way with the -c flag should cause the programme to bail > out if the file <file> already exists. First, there really is a bug with -c parameter, which behaviour is inconsistent. Man page says: -c Create the passwdfile. If passwdfile already exists, it is deleted first. This is a regression^Wchange introduced 13 years ago: https://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?r1=85063&r2=85064 file was truncated fopen("w") and now it is no more, since we use apr_file_open(APR_WRITE | APR_CREATE) It is missing APR_TRUNCATE You can reproduce with $ htdigest -c ~/toto realm nirgal # file created $ htdigest ~/toto realm nirgal2 # second entry added $ htdigest -c ~/toto realm nirgal # file should be truncated. It's not. $ wc -l ~/toto 3 /home/nirgal/toto Patch is available at: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=564722.diff;att=1;bug=564722 However, original bug repport suggest -c should fail if file exists. It makes sense to forbid file truncation of existing file, but it is opposition to man description, to htpasswd -c behavior, and it might break a few scripts. What is your feeling about that wish?