diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:54:38 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:54:38 +0000 |
commit | 6cfae0f7454977a2a1171b25e82cef512c14e156 (patch) | |
tree | 67cc236679251beaf5e95d9bc5a6a69b745202d0 /debian/patches/501_commonio_group_shadow | |
parent | Adding upstream version 1:4.13+dfsg1. (diff) | |
download | shadow-6cfae0f7454977a2a1171b25e82cef512c14e156.tar.xz shadow-6cfae0f7454977a2a1171b25e82cef512c14e156.zip |
Adding debian version 1:4.13+dfsg1-1.debian/1%4.13+dfsg1-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/501_commonio_group_shadow')
-rw-r--r-- | debian/patches/501_commonio_group_shadow | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/501_commonio_group_shadow new file mode 100644 index 0000000..cfdf10c --- /dev/null +++ b/debian/patches/501_commonio_group_shadow @@ -0,0 +1,60 @@ +Goal: save the [g]shadow files with the 'shadow' group and mode 0440 + +Fixes: #166793 + +--- a/lib/commonio.c ++++ b/lib/commonio.c +@@ -21,6 +21,7 @@ + #include <errno.h> + #include <stdio.h> + #include <signal.h> ++#include <grp.h> + #include "nscd.h" + #include "sssd.h" + #ifdef WITH_TCB +@@ -970,12 +971,23 @@ + goto fail; + } + } else { ++ struct group *grp; + /* + * Default permissions for new [g]shadow files. + */ + sb.st_mode = db->st_mode; + sb.st_uid = db->st_uid; + sb.st_gid = db->st_gid; ++ ++ /* ++ * Try to retrieve the shadow's GID, and fall back to GID 0. ++ */ ++ if (sb.st_gid == 0) { ++ if ((grp = getgrnam("shadow")) != NULL) ++ sb.st_gid = grp->gr_gid; ++ else ++ sb.st_gid = 0; ++ } + } + + snprintf (buf, sizeof buf, "%s+", db->filename); +--- a/lib/sgroupio.c ++++ b/lib/sgroupio.c +@@ -206,7 +206,7 @@ + #ifdef WITH_SELINUX + NULL, /* scontext */ + #endif +- 0400, /* st_mode */ ++ 0440, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ + NULL, /* head */ +--- a/lib/shadowio.c ++++ b/lib/shadowio.c +@@ -84,7 +84,7 @@ + #ifdef WITH_SELINUX + NULL, /* scontext */ + #endif /* WITH_SELINUX */ +- 0400, /* st_mode */ ++ 0440, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ + NULL, /* head */ |