current/SOURCES/shadow-4.1.4.2-shadow_perms.patch

--- shadow-4.1.4.2/lib/commonio.c.shadow_perms  2009-05-10 15:49:05.000000000 +0200
+++ shadow-4.1.4.2/lib/commonio.c       2009-11-23 16:41:06.000000000 +0100
@@ -50,6 +50,7 @@
 #endif
 #include "prototypes.h"
 #include "commonio.h"
+#include <grp.h>
 
 /* local function prototypes */
 static int lrename (const char *, const char *);
@@ -810,6 +811,7 @@
        char buf[1024];
        int errors = 0;
        struct stat sb;
+       struct group *grp;
 
 #ifdef WITH_SELINUX
        /*@null@*/security_context_t old_context = NULL;
@@ -872,9 +874,12 @@
                 * Default permissions for new [g]shadow files.
                 * (passwd and group always exist...)
                 */
-               sb.st_mode = 0400;
+               sb.st_mode = 0440;
                sb.st_uid = 0;
-               sb.st_gid = 0;
+               if ((grp = getgrnam("shadow")) == NULL)
+                   sb.st_gid = 0;
+               else
+                   sb.st_gid = grp->gr_gid;
        }
 
        snprintf (buf, sizeof buf, "%s+", db->filename);
1	--- shadow-4.1.4.2/lib/commonio.c.shadow_perms 2009-05-10 15:49:05.000000000 +0200
2	+++ shadow-4.1.4.2/lib/commonio.c 2009-11-23 16:41:06.000000000 +0100
3	@@ -50,6 +50,7 @@
4	#endif
5	#include "prototypes.h"
6	#include "commonio.h"
7	+#include <grp.h>
8
9	/* local function prototypes */
10	static int lrename (const char , const char );
11	@@ -810,6 +811,7 @@
12	char buf[1024];
13	int errors = 0;
14	struct stat sb;
15	+ struct group *grp;
16
17	#ifdef WITH_SELINUX
18	/@null@/security_context_t old_context = NULL;
19	@@ -872,9 +874,12 @@
20	* Default permissions for new [g]shadow files.
21	* (passwd and group always exist...)
22	*/
23	- sb.st_mode = 0400;
24	+ sb.st_mode = 0440;
25	sb.st_uid = 0;
26	- sb.st_gid = 0;
27	+ if ((grp = getgrnam("shadow")) == NULL)
28	+ sb.st_gid = 0;
29	+ else
30	+ sb.st_gid = grp->gr_gid;
31	}
32
33	snprintf (buf, sizeof buf, "%s+", db->filename);