Goal: save the [g]shadow files with the 'shadow' group and mode 0440
Fixes: #166793
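Index: shadow/lib/commonio.c
===================================================================
--- shadow.orig/lib/commonio.c
+++ shadow/lib/commonio.c
@@ -21,6 +21,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <signal.h>
+#include <grp.h>
 
 #include "alloc.h"
 #include "memzero.h"
@@ -956,12 +957,23 @@ int commonio_close (struct commonio_db *
 if (errors != 0)
 goto fail;
 } else {
+ struct group *grp;
 /*
 * Default permissions for new [g]shadow files.
 */
 sb.st_mode = db->st_mode;
 sb.st_uid = db->st_uid;
 sb.st_gid = db->st_gid;
+
+ /*
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
+ */
+ if (sb.st_gid == 0) {
+ if ((grp = getgrnam("shadow")) != NULL)
+ sb.st_gid = grp->gr_gid;
+ else
+ sb.st_gid = 0;
+ }
 }
 
 if (SNPRINTF(buf, "%s+", db->filename) == -1)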
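Review bot: The `getgrnam("shadow")` lookup in the second hunk runs for every database that reaches this `else` branch with `db->st_gid == 0`, because nothing in the visible lines checks which file is being closed. If other `commonio_db` users also default to GID 0 (their initializers are not shown here), their newly created files would be handed to the shadow group as well. The name is resolved through NSS, so where `group` is served from a non-local source the GID applied to a password-hash file depends on that source. A comment such as `/* "shadow" is resolved via NSS; it is expected to be defined in the local group file */` would record that assumption. The inner `else sb.st_gid = 0;` is a no-op, since the branch is entered only when `sb.st_gid == 0`, and can be dropped. `commonio_close` starts and ends outside the hunk.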
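Index: shadow/lib/sgroupio.c
===================================================================
--- shadow.orig/lib/sgroupio.c
+++ shadow/lib/sgroupio.c
@@ -209,7 +209,7 @@ static struct commonio_db gshadow_db = {
 #ifdef WITH_SELINUX
 NULL, /* scontext */
 #endif
- 0400, /* st_mode */
+ 0440, /* st_mode */
 0, /* st_uid */
 0, /* st_gid */
 NULL, /* head */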
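Review bot: The new `0440` default sits two lines above `0, /* st_gid */`, so read on its own the initializer says the hash file is group-readable by GID 0. The group that actually gets read access is chosen at run time by the `getgrnam("shadow")` lookup added in lib/commonio.c. A comment on the mode line, for example `0440, /* st_mode: group-readable; commonio_close() substitutes the "shadow" GID when st_gid is 0 */`, would keep the two places tied together for later readers. The identical change in lib/shadowio.c needs the same comment. The initializer of `gshadow_db` starts and ends outside the hunk.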
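Index: shadow/lib/shadowio.c
===================================================================
--- shadow.orig/lib/shadowio.c
+++ shadow/lib/shadowio.c
@@ -85,7 +85,7 @@ static struct commonio_db shadow_db = {
 #ifdef WITH_SELINUX
 NULL, /* scontext */
 #endif /* WITH_SELINUX */
- 0400, /* st_mode */
+ 0440, /* st_mode */
 0, /* st_uid */
 0, /* st_gid */
 NULL, /* head */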