From bab349b46ef01c68f534f7abe909ccfa2c8463ff Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov
Date: Fri, 27 Feb 2015 16:26:57 +0000
Subject: [PATCH] Create dbs with correct permissions.
---
 lib/commonio.c | 7 +++----
 lib/commonio.h | 6 ++++++
 lib/groupio.c | 3 +++
 lib/pwio.c | 3 +++
 lib/sgroupio.c | 3 +++
 lib/shadowio.c | 3 +++
 lib/subordinateio.c | 6 ++++++
 7 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/lib/commonio.c b/lib/commonio.c
index cc536bf14..b1c2771c8 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -968,11 +968,10 @@ int commonio_close (struct commonio_db *db)
 } else {
 /*
 * Default permissions for new [g]shadow files.
- * (passwd and group always exist...)
 */
- sb.st_mode = 0400;
- sb.st_uid = 0;
- sb.st_gid = 0;
+ sb.st_mode = db->st_mode;
+ sb.st_uid = db->st_uid;
+ sb.st_gid = db->st_gid;
 }
 snprintf (buf, sizeof buf, "%s+", db->filename);
diff --git a/lib/commonio.h b/lib/commonio.h
index 0a316f9c8..cb4e96167 100644
--- a/lib/commonio.h
+++ b/lib/commonio.h
@@ -123,6 +123,12 @@ struct commonio_db {
 #ifdef WITH_SELINUX
 /*@null@*/security_context_t scontext;
 #endif
+ /*
+ * Default permissions and owner for newly created data file.
+ */
+ mode_t st_mode;
+ uid_t st_uid;
+ gid_t st_gid;
 /*
 * Head, tail, current position in linked list.
 */
diff --git a/lib/groupio.c b/lib/groupio.c
index 2a37bfd9a..3ad4736bb 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -130,6 +130,9 @@ static /*@owned@*/struct commonio_db group_db = {
 #ifdef WITH_SELINUX
 NULL, /* scontext */
 #endif
+ 0644, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
 NULL, /* head */
 NULL, /* tail */
 NULL, /* cursor */
diff --git a/lib/pwio.c b/lib/pwio.c
index 793c2e5a9..7ee853772 100644
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -105,6 +105,9 @@ static struct commonio_db passwd_db = {
 #ifdef WITH_SELINUX
 NULL, /* scontext */
 #endif
+ 0644, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
 NULL, /* head */
 NULL, /* tail */
 NULL, /* cursor */
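Review bot: The comment kept above the three assignments in commonio_close() still reads `Default permissions for new [g]shadow files.`, but after this change the branch also supplies mode and owner for passwd, group, subuid and subgid, which the initializer hunks set to 0644. Someone auditing how these files get their modes would take it to mean only the 0400 shadow case passes through here. I would reword it to `* Default mode and owner for a newly created file, taken from the db definition.` The enclosing if/else and the call that consumes `sb` lie outside the hunk.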
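Review bot: The new members `st_mode`, `st_uid` and `st_gid` are inserted in the middle of struct commonio_db, while every definition this patch touches (group_db, passwd_db, gshadow_db, shadow_db, subordinate_uid_db, subordinate_gid_db) initializes the struct positionally. A definition that is missed would shift `NULL, /* head */` into `st_mode` with at best a conversion warning; whether other definitions exist elsewhere in the tree is not visible here. Placing the three members last in the struct (its end is outside the hunk) would let an un-updated initializer zero-fill them, so a new file would come out with mode 0 and owner 0:0 rather than with shifted values. The header comment could also say so: `* Used only when the data file does not exist yet; zero means mode 0, owner root.`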
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index b497cd65d..f2685779a 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -228,6 +228,9 @@ static struct commonio_db gshadow_db = {
 #ifdef WITH_SELINUX
 NULL, /* scontext */
 #endif
+ 0400, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
 NULL, /* head */
 NULL, /* tail */
 NULL, /* cursor */
diff --git a/lib/shadowio.c b/lib/shadowio.c
index 1fb1bbab9..6e44ab24d 100644
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -104,6 +104,9 @@ static struct commonio_db shadow_db = {
 #ifdef WITH_SELINUX
 NULL, /* scontext */
 #endif /* WITH_SELINUX */
+ 0400, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
 NULL, /* head */
 NULL, /* tail */
 NULL, /* cursor */
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 88cc58176..0d64a9148 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -541,6 +541,9 @@ static struct commonio_db subordinate_uid_db = {
 #ifdef WITH_SELINUX
 NULL, /* scontext */
 #endif
+ 0644, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
 NULL, /* head */
 NULL, /* tail */
 NULL, /* cursor */
@@ -619,6 +622,9 @@ static struct commonio_db subordinate_gid_db = {
 #ifdef WITH_SELINUX
 NULL, /* scontext */
 #endif
+ 0644, /* st_mode */
+ 0, /* st_uid */
+ 0, /* st_gid */
 NULL, /* head */
 NULL, /* tail */
 NULL, /* cursor */
--
2.39.5