[Pkg-shadow-devel] [PATCH 5/5] Create dbs with correct permissions.

Fri Mar 20 13:50:01 UTC 2015

---
 lib/commonio.c      | 7 +++----
 lib/commonio.h      | 6 ++++++
 lib/groupio.c       | 3 +++
 lib/pwio.c          | 3 +++
 lib/sgroupio.c      | 3 +++
 lib/shadowio.c      | 3 +++
 lib/subordinateio.c | 6 ++++++
 7 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/lib/commonio.c b/lib/commonio.c
index cc536bf..b1c2771 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -968,11 +968,10 @@ int commonio_close (struct commonio_db *db)
 	} else {
 		/*
 		 * Default permissions for new [g]shadow files.
-		 * (passwd and group always exist...)
 		 */
-		sb.st_mode = 0400;
-		sb.st_uid = 0;
-		sb.st_gid = 0;
+		sb.st_mode = db->st_mode;
+		sb.st_uid = db->st_uid;
+		sb.st_gid = db->st_gid;
 	}
 
 	snprintf (buf, sizeof buf, "%s+", db->filename);
diff --git a/lib/commonio.h b/lib/commonio.h
index 0a316f9..cb4e961 100644
--- a/lib/commonio.h
+++ b/lib/commonio.h
@@ -124,6 +124,12 @@ struct commonio_db {
 	/*@null@*/security_context_t scontext;
 #endif
 	/*
+	 * Default permissions and owner for newly created data file.
+         */
+	mode_t st_mode;
+	uid_t st_uid;
+	gid_t st_gid;
+	/*
 	 * Head, tail, current position in linked list.
 	 */
 	/*@owned@*/ /*@null@*/struct commonio_entry *head;
diff --git a/lib/groupio.c b/lib/groupio.c
index 2a37bfd..3ad4736 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -130,6 +130,9 @@ static /*@owned@*/struct commonio_db group_db = {
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif
+	0644,                   /* st_mode */
+	0,                      /* st_uid */
+	0,                      /* st_gid */
 	NULL,			/* head */
 	NULL,			/* tail */
 	NULL,			/* cursor */
diff --git a/lib/pwio.c b/lib/pwio.c
index 793c2e5..7ee8537 100644
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -105,6 +105,9 @@ static struct commonio_db passwd_db = {
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif
+	0644,                   /* st_mode */
+	0,                      /* st_uid */
+	0,                      /* st_gid */
 	NULL,			/* head */
 	NULL,			/* tail */
 	NULL,			/* cursor */
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index b497cd6..f268577 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -228,6 +228,9 @@ static struct commonio_db gshadow_db = {
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif
+	0400,                   /* st_mode */
+	0,                      /* st_uid */
+	0,                      /* st_gid */
 	NULL,			/* head */
 	NULL,			/* tail */
 	NULL,			/* cursor */
diff --git a/lib/shadowio.c b/lib/shadowio.c
index 1fb1bba..6e44ab2 100644
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -104,6 +104,9 @@ static struct commonio_db shadow_db = {
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif				/* WITH_SELINUX */
+	0400,                   /* st_mode */
+	0,                      /* st_uid */
+	0,                      /* st_gid */
 	NULL,			/* head */
 	NULL,			/* tail */
 	NULL,			/* cursor */
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 0ba117b..0fb063a 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -460,6 +460,9 @@ static struct commonio_db subordinate_uid_db = {
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif
+	0644,                   /* st_mode */
+	0,                      /* st_uid */
+	0,                      /* st_gid */
 	NULL,			/* head */
 	NULL,			/* tail */
 	NULL,			/* cursor */
@@ -538,6 +541,9 @@ static struct commonio_db subordinate_gid_db = {
 #ifdef WITH_SELINUX
 	NULL,			/* scontext */
 #endif
+	0644,                   /* st_mode */
+	0,                      /* st_uid */
+	0,                      /* st_gid */
 	NULL,			/* head */
 	NULL,			/* tail */
 	NULL,			/* cursor */
-- 
2.1.0


