38 lines
788 B
Plaintext
38 lines
788 B
Plaintext
Goal: save the [g]shadow files with the 'shadow' group and mode 0440
|
|
|
|
Fixes: #166793
|
|
|
|
--- a/lib/commonio.c
|
|
+++ b/lib/commonio.c
|
|
@@ -44,6 +44,7 @@
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
#include <signal.h>
|
|
+#include <grp.h>
|
|
#include "nscd.h"
|
|
#ifdef WITH_SELINUX
|
|
#include <selinux/selinux.h>
|
|
@@ -988,13 +989,20 @@
|
|
goto fail;
|
|
}
|
|
} else {
|
|
+ struct group *grp;
|
|
/*
|
|
* Default permissions for new [g]shadow files.
|
|
* (passwd and group always exist...)
|
|
*/
|
|
- sb.st_mode = 0400;
|
|
+ sb.st_mode = 0440;
|
|
sb.st_uid = 0;
|
|
- sb.st_gid = 0;
|
|
+ /*
|
|
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
|
|
+ */
|
|
+ if ((grp = getgrnam("shadow")) != NULL)
|
|
+ sb.st_gid = grp->gr_gid;
|
|
+ else
|
|
+ sb.st_gid = 0;
|
|
}
|
|
|
|
snprintf (buf, sizeof buf, "%s+", db->filename);
|