[systemd-commits] src/firstboot

Mon Jul 7 07:55:17 PDT 2014

src/firstboot/firstboot.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

New commits:
commit 3250929b7049f3fbbb610a92438c8a8b638ec155
Author: Lennart Poettering <lennart at poettering.net>
Date:   Mon Jul 7 16:54:09 2014 +0200

    firstboot: change /etc/shadow access mode to 000
    
    It appears to be customary to remove all access bits from /etc/shadow
    including those for the root owner), hence let's do the same.

diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index 56893d0..57173a5 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -531,7 +531,8 @@ static int write_root_shadow(const char *path, const struct spwd *p) {
         assert(p);
 
         mkdir_parents(path, 0755);
-        f = fopen(path, "wex");
+        RUN_WITH_UMASK(0777)
+                f = fopen(path, "wex");
         if (!f)
                 return -errno;
 

