[systemd-devel] [PATCH] sysusers: Preserve ownership and mode on /etc/passwd and friends

Colin Guthrie colin at mageia.org
Wed Oct 29 07:20:17 PDT 2014


When running sysusers we would clobber file ownership and permissions
on the files /etc/passwd, /etc/group and /etc/[g]shadow.

This simply preserves the ownership and mode if existing files are
found.
---
 src/sysusers/sysusers.c | 93 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 73 insertions(+), 20 deletions(-)

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 9b9be96..1935993 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -358,6 +358,7 @@ static int write_files(void) {
         _cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL;
         _cleanup_free_ char *passwd_tmp = NULL, *group_tmp = NULL, *shadow_tmp = NULL, *gshadow_tmp = NULL;
         const char *passwd_path = NULL, *group_path = NULL, *shadow_path = NULL, *gshadow_path = NULL;
+        struct stat st;
         bool group_changed = false;
         Iterator iterator;
         Item *i;
@@ -372,15 +373,25 @@ static int write_files(void) {
                 if (r < 0)
                         goto finish;
 
-                if (fchmod(fileno(group), 0644) < 0) {
-                        r = -errno;
-                        goto finish;
-                }
-
                 original = fopen(group_path, "re");
                 if (original) {
                         struct group *gr;
 
+                        if (fstat(fileno(original), &st) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        if (fchmod(fileno(group), st.st_mode & 07777) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        if (fchown(fileno(group), st.st_uid, st.st_gid) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
                         errno = 0;
                         while ((gr = fgetgrent(original))) {
                                 /* Safety checks against name and GID
@@ -418,6 +429,9 @@ static int write_files(void) {
                 } else if (errno != ENOENT) {
                         r = -errno;
                         goto finish;
+                } else if (fchmod(fileno(group), 0644) < 0) {
+                        r = -errno;
+                        goto finish;
                 }
 
                 HASHMAP_FOREACH(i, todo_gids, iterator) {
@@ -449,15 +463,25 @@ static int write_files(void) {
                 if (r < 0)
                         goto finish;
 
-                if (fchmod(fileno(gshadow), 0000) < 0) {
-                        r = -errno;
-                        goto finish;
-                }
-
                 original = fopen(gshadow_path, "re");
                 if (original) {
                         struct sgrp *sg;
 
+                        if (fstat(fileno(original), &st) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        if (fchmod(fileno(gshadow), st.st_mode & 07777) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        if (fchown(fileno(gshadow), st.st_uid, st.st_gid) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
                         errno = 0;
                         while ((sg = fgetsgent(original))) {
 
@@ -483,6 +507,9 @@ static int write_files(void) {
                 } else if (errno != ENOENT) {
                         r = -errno;
                         goto finish;
+                } else if (fchmod(fileno(gshadow), 0000) < 0) {
+                        r = -errno;
+                        goto finish;
                 }
 
                 HASHMAP_FOREACH(i, todo_gids, iterator) {
@@ -513,15 +540,25 @@ static int write_files(void) {
                 if (r < 0)
                         goto finish;
 
-                if (fchmod(fileno(passwd), 0644) < 0) {
-                        r = -errno;
-                        goto finish;
-                }
-
                 original = fopen(passwd_path, "re");
                 if (original) {
                         struct passwd *pw;
 
+                        if (fstat(fileno(original), &st) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        if (fchmod(fileno(passwd), st.st_mode & 07777) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        if (fchown(fileno(passwd), st.st_uid, st.st_gid) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
                         errno = 0;
                         while ((pw = fgetpwent(original))) {
 
@@ -552,6 +589,9 @@ static int write_files(void) {
                 } else if (errno != ENOENT) {
                         r = -errno;
                         goto finish;
+                } else if (fchmod(fileno(passwd), 0644) < 0) {
+                        r = -errno;
+                        goto finish;
                 }
 
                 HASHMAP_FOREACH(i, todo_uids, iterator) {
@@ -596,15 +636,25 @@ static int write_files(void) {
                 if (r < 0)
                         goto finish;
 
-                if (fchmod(fileno(shadow), 0000) < 0) {
-                        r = -errno;
-                        goto finish;
-                }
-
                 original = fopen(shadow_path, "re");
                 if (original) {
                         struct spwd *sp;
 
+                        if (fstat(fileno(original), &st) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        if (fchmod(fileno(shadow), st.st_mode & 07777) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        if (fchown(fileno(shadow), st.st_uid, st.st_gid) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
                         errno = 0;
                         while ((sp = fgetspent(original))) {
 
@@ -629,6 +679,9 @@ static int write_files(void) {
                 } else if (errno != ENOENT) {
                         r = -errno;
                         goto finish;
+                } else if (fchmod(fileno(shadow), 0000) < 0) {
+                        r = -errno;
+                        goto finish;
                 }
 
                 lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
-- 
2.1.2



More information about the systemd-devel mailing list