diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 20:46:56 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 20:46:56 +0000 |
| commit | 2dd01f6cc0c6333b58c3e77f3d8a3dca116a1c8b (patch) | |
| tree | 96185c3fd8772392c9989835f1b9954b5aadb9d8 /debian/patches/501_commonio_group_shadow | |
| parent | Adding upstream version 1:4.13+dfsg1. (diff) | |
| download | shadow-2dd01f6cc0c6333b58c3e77f3d8a3dca116a1c8b.tar.xz shadow-2dd01f6cc0c6333b58c3e77f3d8a3dca116a1c8b.zip | |
Adding debian version 1:4.13+dfsg1-4.debian/1%4.13+dfsg1-4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/501_commonio_group_shadow')
| -rw-r--r-- | debian/patches/501_commonio_group_shadow | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/501_commonio_group_shadow new file mode 100644 index 0000000..cfdf10c --- /dev/null +++ b/debian/patches/501_commonio_group_shadow @@ -0,0 +1,60 @@ +Goal: save the [g]shadow files with the 'shadow' group and mode 0440 + +Fixes: #166793 + +--- a/lib/commonio.c ++++ b/lib/commonio.c +@@ -21,6 +21,7 @@ + #include <errno.h> + #include <stdio.h> + #include <signal.h> ++#include <grp.h> + #include "nscd.h" + #include "sssd.h" + #ifdef WITH_TCB +@@ -970,12 +971,23 @@ + goto fail; + } + } else { ++ struct group *grp; + /* + * Default permissions for new [g]shadow files. + */ + sb.st_mode = db->st_mode; + sb.st_uid = db->st_uid; + sb.st_gid = db->st_gid; ++ ++ /* ++ * Try to retrieve the shadow's GID, and fall back to GID 0. ++ */ ++ if (sb.st_gid == 0) { ++ if ((grp = getgrnam("shadow")) != NULL) ++ sb.st_gid = grp->gr_gid; ++ else ++ sb.st_gid = 0; ++ } + } + + snprintf (buf, sizeof buf, "%s+", db->filename); +--- a/lib/sgroupio.c ++++ b/lib/sgroupio.c +@@ -206,7 +206,7 @@ + #ifdef WITH_SELINUX + NULL, /* scontext */ + #endif +- 0400, /* st_mode */ ++ 0440, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ + NULL, /* head */ +--- a/lib/shadowio.c ++++ b/lib/shadowio.c +@@ -84,7 +84,7 @@ + #ifdef WITH_SELINUX + NULL, /* scontext */ + #endif /* WITH_SELINUX */ +- 0400, /* st_mode */ ++ 0440, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ + NULL, /* head */ |