Goal: save the [g]shadow files with the 'shadow' group and mode 0440

Fixes: #166793

--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -21,6 +21,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <signal.h>
+#include <grp.h>
 #include "nscd.h"
 #include "sssd.h"
 #ifdef WITH_TCB
@@ -970,12 +971,23 @@
 			goto fail;
 		}
 	} else {
+		struct group *grp;
 		/*
 		 * Default permissions for new [g]shadow files.
 		 */
 		sb.st_mode = db->st_mode;
 		sb.st_uid = db->st_uid;
 		sb.st_gid = db->st_gid;
+
+		/*
+		 * Try to retrieve the shadow's GID, and fall back to GID 0.
+		 */
+		if (sb.st_gid == 0) {
+			if ((grp = getgrnam("shadow")) != NULL)
+				sb.st_gid = grp->gr_gid;
+			else
+				sb.st_gid = 0;
+		}
 	}
 
 	snprintf (buf, sizeof buf, "%s+", db->filename);
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -206,7 +206,7 @@
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif
-	0400,                   /* st_mode */
+	0440,                   /* st_mode */
 	0,                      /* st_uid */
 	0,                      /* st_gid */
 	NULL,			/* head */
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -84,7 +84,7 @@
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif				/* WITH_SELINUX */
-	0400,                   /* st_mode */
+	0440,                   /* st_mode */
 	0,                      /* st_uid */
 	0,                      /* st_gid */
 	NULL,			/* head */