[systemd-devel] [PATCH] sysusers: Preserve ownership and mode on /etc/passwd and friends
Colin Guthrie
colin at mageia.org
Wed Oct 29 07:20:17 PDT 2014
When running sysusers we would clobber file ownership and permissions
on the files /etc/passwd, /etc/group and /etc/[g]shadow.
This simply preserves the ownership and mode if existing files are
found.
---
src/sysusers/sysusers.c | 93 ++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 73 insertions(+), 20 deletions(-)
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 9b9be96..1935993 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -358,6 +358,7 @@ static int write_files(void) {
_cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL;
_cleanup_free_ char *passwd_tmp = NULL, *group_tmp = NULL, *shadow_tmp = NULL, *gshadow_tmp = NULL;
const char *passwd_path = NULL, *group_path = NULL, *shadow_path = NULL, *gshadow_path = NULL;
+ struct stat st;
bool group_changed = false;
Iterator iterator;
Item *i;
@@ -372,15 +373,25 @@ static int write_files(void) {
if (r < 0)
goto finish;
- if (fchmod(fileno(group), 0644) < 0) {
- r = -errno;
- goto finish;
- }
-
original = fopen(group_path, "re");
if (original) {
struct group *gr;
+ if (fstat(fileno(original), &st) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fchmod(fileno(group), st.st_mode & 07777) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fchown(fileno(group), st.st_uid, st.st_gid) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
errno = 0;
while ((gr = fgetgrent(original))) {
/* Safety checks against name and GID
@@ -418,6 +429,9 @@ static int write_files(void) {
} else if (errno != ENOENT) {
r = -errno;
goto finish;
+ } else if (fchmod(fileno(group), 0644) < 0) {
+ r = -errno;
+ goto finish;
}
HASHMAP_FOREACH(i, todo_gids, iterator) {
@@ -449,15 +463,25 @@ static int write_files(void) {
if (r < 0)
goto finish;
- if (fchmod(fileno(gshadow), 0000) < 0) {
- r = -errno;
- goto finish;
- }
-
original = fopen(gshadow_path, "re");
if (original) {
struct sgrp *sg;
+ if (fstat(fileno(original), &st) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fchmod(fileno(gshadow), st.st_mode & 07777) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fchown(fileno(gshadow), st.st_uid, st.st_gid) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
errno = 0;
while ((sg = fgetsgent(original))) {
@@ -483,6 +507,9 @@ static int write_files(void) {
} else if (errno != ENOENT) {
r = -errno;
goto finish;
+ } else if (fchmod(fileno(gshadow), 0000) < 0) {
+ r = -errno;
+ goto finish;
}
HASHMAP_FOREACH(i, todo_gids, iterator) {
@@ -513,15 +540,25 @@ static int write_files(void) {
if (r < 0)
goto finish;
- if (fchmod(fileno(passwd), 0644) < 0) {
- r = -errno;
- goto finish;
- }
-
original = fopen(passwd_path, "re");
if (original) {
struct passwd *pw;
+ if (fstat(fileno(original), &st) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fchmod(fileno(passwd), st.st_mode & 07777) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fchown(fileno(passwd), st.st_uid, st.st_gid) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
errno = 0;
while ((pw = fgetpwent(original))) {
@@ -552,6 +589,9 @@ static int write_files(void) {
} else if (errno != ENOENT) {
r = -errno;
goto finish;
+ } else if (fchmod(fileno(passwd), 0644) < 0) {
+ r = -errno;
+ goto finish;
}
HASHMAP_FOREACH(i, todo_uids, iterator) {
@@ -596,15 +636,25 @@ static int write_files(void) {
if (r < 0)
goto finish;
- if (fchmod(fileno(shadow), 0000) < 0) {
- r = -errno;
- goto finish;
- }
-
original = fopen(shadow_path, "re");
if (original) {
struct spwd *sp;
+ if (fstat(fileno(original), &st) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fchmod(fileno(shadow), st.st_mode & 07777) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fchown(fileno(shadow), st.st_uid, st.st_gid) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
errno = 0;
while ((sp = fgetspent(original))) {
@@ -629,6 +679,9 @@ static int write_files(void) {
} else if (errno != ENOENT) {
r = -errno;
goto finish;
+ } else if (fchmod(fileno(shadow), 0000) < 0) {
+ r = -errno;
+ goto finish;
}
lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
--
2.1.2
More information about the systemd-devel
mailing list