shadow: Remove SUIDs bits and add posix capabilities.

author Michael Tremer <michael.tremer@ipfire.org>

Thu, 30 Sep 2010 20:02:13 +0000 (22:02 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Thu, 30 Sep 2010 20:02:13 +0000 (22:02 +0200)
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 30 Sep 2010 20:02:13 +0000 (22:02 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 30 Sep 2010 20:02:13 +0000 (22:02 +0200)
diff --git a/pkgs/core/shadow/shadow.nm b/pkgs/core/shadow/shadow.nm

index 95be96a411c9ffaeaf5fb3b353d98dc64411c00e..022e6b54a9ce688a1f1b6d586ae3e0f268680667 100644 (file)
--- a/pkgs/core/shadow/shadow.nm
+++ b/pkgs/core/shadow/shadow.nm
@@ -26,7 +26,7 @@ include $(PKGROOT)/Include
  
  PKG_NAME       = shadow
  PKG_VER        = 4.1.4.2
-PKG_REL        = 0
+PKG_REL        = 1
  
  PKG_MAINTAINER =
  PKG_GROUP      = System/Base
@@ -34,6 +34,8 @@ PKG_URL        = ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
  PKG_LICENSE    = GPLv2+
  PKG_SUMMARY    = Utilities to deal with user accounts.
  
+PKG_BUILD_DEPS+= libcap
+
  define PKG_DESCRIPTION
         The shadow-utils package includes the necessary programs \
         for converting UNIX password files to the shadow password \
@@ -69,4 +71,11 @@ endef
  define STAGE_INSTALL_CMDS
         # Remove man pages in other languages
         rm -rfv $(BUILDROOT)/usr/share/man/{cs,de,fi,fr,hu,id,it,ja,pl,pt_BR,ru,sv,tr}
+
+       # Capabilities
+       chmod u-s $(BUILDROOT)/usr/bin/chage
+       setcap cap_dac_read_search+ep $(BUILDROOT)/usr/bin/chage
+
+       chmod u-s $(BUILDROOT)/usr/bin/newgrp
+       setcap cap_dac_override,cap_setgid+ep $(BUILDROOT)/usr/bin/newgrp
  endef
author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 30 Sep 2010 20:02:13 +0000 (22:02 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 30 Sep 2010 20:02:13 +0000 (22:02 +0200)