From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 30 Sep 2010 20:02:13 +0000 (+0200)
Subject: shadow: Remove SUIDs bits and add posix capabilities.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd15364ebd87dc7a90fec39c351a6ada1970d0ee;p=ipfire-3.x.git

shadow: Remove SUIDs bits and add posix capabilities.
---

diff --git a/pkgs/core/shadow/shadow.nm b/pkgs/core/shadow/shadow.nm
index 95be96a41..022e6b54a 100644
--- a/pkgs/core/shadow/shadow.nm
+++ b/pkgs/core/shadow/shadow.nm
@@ -26,7 +26,7 @@ include $(PKGROOT)/Include
 
 PKG_NAME       = shadow
 PKG_VER        = 4.1.4.2
-PKG_REL        = 0
+PKG_REL        = 1
 
 PKG_MAINTAINER =
 PKG_GROUP      = System/Base
@@ -34,6 +34,8 @@ PKG_URL        = ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
 PKG_LICENSE    = GPLv2+
 PKG_SUMMARY    = Utilities to deal with user accounts.
 
+PKG_BUILD_DEPS+= libcap
+
 define PKG_DESCRIPTION
 	The shadow-utils package includes the necessary programs \
 	for converting UNIX password files to the shadow password \
@@ -69,4 +71,11 @@ endef
 define STAGE_INSTALL_CMDS
 	# Remove man pages in other languages
 	rm -rfv $(BUILDROOT)/usr/share/man/{cs,de,fi,fr,hu,id,it,ja,pl,pt_BR,ru,sv,tr}
+
+	# Capabilities
+	chmod u-s $(BUILDROOT)/usr/bin/chage
+	setcap cap_dac_read_search+ep $(BUILDROOT)/usr/bin/chage
+
+	chmod u-s $(BUILDROOT)/usr/bin/newgrp
+	setcap cap_dac_override,cap_setgid+ep $(BUILDROOT)/usr/bin/newgrp
 endef