From: Lennart Poettering Date: Mon, 7 Jul 2014 14:54:09 +0000 (+0200) Subject: firstboot: change /etc/shadow access mode to 000 X-Git-Tag: v216~735 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3250929b7049f3fbbb610a92438c8a8b638ec155;p=thirdparty%2Fsystemd.git firstboot: change /etc/shadow access mode to 000 It appears to be customary to remove all access bits from /etc/shadow including those for the root owner), hence let's do the same. --- diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c index 56893d0e370..57173a56695 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c @@ -531,7 +531,8 @@ static int write_root_shadow(const char *path, const struct spwd *p) { assert(p); mkdir_parents(path, 0755); - f = fopen(path, "wex"); + RUN_WITH_UMASK(0777) + f = fopen(path, "wex"); if (!f) return -errno;