Files
shadow/debian/patches/501_commonio_group_shadow
T
Balint Reczey 56751ea5fa Refresh patches
2022-08-20 18:37:02 +02:00

61 lines
1.3 KiB
Plaintext

Goal: save the [g]shadow files with the 'shadow' group and mode 0440
Fixes: #166793
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -21,6 +21,7 @@
#include <errno.h>
#include <stdio.h>
#include <signal.h>
+#include <grp.h>
#include "nscd.h"
#include "sssd.h"
#ifdef WITH_TCB
@@ -976,12 +977,23 @@
goto fail;
}
} else {
+ struct group *grp;
/*
* Default permissions for new [g]shadow files.
*/
sb.st_mode = db->st_mode;
sb.st_uid = db->st_uid;
sb.st_gid = db->st_gid;
+
+ /*
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
+ */
+ if (sb.st_gid == 0) {
+ if ((grp = getgrnam("shadow")) != NULL)
+ sb.st_gid = grp->gr_gid;
+ else
+ sb.st_gid = 0;
+ }
}
snprintf (buf, sizeof buf, "%s+", db->filename);
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -206,7 +206,7 @@
#ifdef WITH_SELINUX
NULL, /* scontext */
#endif
- 0400, /* st_mode */
+ 0440, /* st_mode */
0, /* st_uid */
0, /* st_gid */
NULL, /* head */
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -82,7 +82,7 @@
#ifdef WITH_SELINUX
NULL, /* scontext */
#endif /* WITH_SELINUX */
- 0400, /* st_mode */
+ 0440, /* st_mode */
0, /* st_uid */
0, /* st_gid */
NULL, /* head */