chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from parent 1:
ffc90a1
)
firstboot: change /etc/shadow access mode to 000
author
Lennart Poettering
<lennart@poettering.net>
Mon, 7 Jul 2014 14:54:09 +0000
(16:54 +0200)
committer
Lennart Poettering
<lennart@poettering.net>
Mon, 7 Jul 2014 14:55:08 +0000
(16:55 +0200)
It appears to be customary to remove all access bits from /etc/shadow
including those for the root owner), hence let's do the same.
src/firstboot/firstboot.c
patch
|
blob
|
history
diff --git
a/src/firstboot/firstboot.c
b/src/firstboot/firstboot.c
index 56893d0e37031f5db0670b561fdbf11524d3cace..57173a56695b4905f73099af33916738fb4d6e0b 100644
(file)
--- a/
src/firstboot/firstboot.c
+++ b/
src/firstboot/firstboot.c
@@
-531,7
+531,8
@@
static int write_root_shadow(const char *path, const struct spwd *p) {
assert(p);
mkdir_parents(path, 0755);
- f = fopen(path, "wex");
+ RUN_WITH_UMASK(0777)
+ f = fopen(path, "wex");
if (!f)
return -errno;