chiark / gitweb /
firstboot: change /etc/shadow access mode to 000
authorLennart Poettering <lennart@poettering.net>
Mon, 7 Jul 2014 14:54:09 +0000 (16:54 +0200)
committerLennart Poettering <lennart@poettering.net>
Mon, 7 Jul 2014 14:55:08 +0000 (16:55 +0200)
It appears to be customary to remove all access bits from /etc/shadow
including those for the root owner), hence let's do the same.

src/firstboot/firstboot.c

index 56893d0..57173a5 100644 (file)
@@ -531,7 +531,8 @@ static int write_root_shadow(const char *path, const struct spwd *p) {
         assert(p);
 
         mkdir_parents(path, 0755);
-        f = fopen(path, "wex");
+        RUN_WITH_UMASK(0777)
+                f = fopen(path, "wex");
         if (!f)
                 return -errno;