Goal: save the [g]shadow files with the 'shadow' group and mode 0440

Fixes: #166793

Index: shadow-4.1.0/lib/commonio.c
===================================================================
--- shadow-4.1.0.orig/lib/commonio.c
+++ shadow-4.1.0/lib/commonio.c
@@ -13,6 +13,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <signal.h>
+#include <grp.h>
 #include "nscd.h"
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
@@ -712,13 +713,20 @@
 			goto fail;
 		}
 	} else {
+		struct group *grp;
 		/*
 		 * Default permissions for new [g]shadow files.
 		 * (passwd and group always exist...)
 		 */
-		sb.st_mode = 0400;
+		sb.st_mode = 0440;
 		sb.st_uid = 0;
-		sb.st_gid = 0;
+		/*
+		 * Try to retrieve the shadow's GID, and fall back to GID 0.
+		 */
+		if ((grp = getgrnam("shadow")) != NULL)
+			sb.st_gid = grp->gr_gid;
+		else
+			sb.st_gid = 0;
 	}
 
 	snprintf (buf, sizeof buf, "%s+", db->filename);