Package: shadow / 1:4.2-3+deb8u4

501_commonio_group_shadow Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Goal: save the [g]shadow files with the 'shadow' group and mode 0440

Fixes: #166793

Index: git/lib/commonio.c
===================================================================
--- git.orig/lib/commonio.c
+++ git/lib/commonio.c
@@ -44,6 +44,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <signal.h>
+#include <grp.h>
 #include "nscd.h"
 #ifdef WITH_TCB
 #include <tcb.h>
@@ -966,13 +967,20 @@
 			goto fail;
 		}
 	} else {
+		struct group *grp;
 		/*
 		 * Default permissions for new [g]shadow files.
 		 * (passwd and group always exist...)
 		 */
-		sb.st_mode = 0400;
+		sb.st_mode = 0440;
 		sb.st_uid = 0;
-		sb.st_gid = 0;
+		/*
+		 * Try to retrieve the shadow's GID, and fall back to GID 0.
+		 */
+		if ((grp = getgrnam("shadow")) != NULL)
+			sb.st_gid = grp->gr_gid;
+		else
+			sb.st_gid = 0;
 	}
 
 	snprintf (buf, sizeof buf, "%s+", db->filename);