[UPDATE] base-passwd (Was Re: base-passwd sets weird permissions)
John Morrison
john@morrison.mine.nu
Mon May 4 09:52:00 GMT 2009
Hi Corinna,
Patch applied...
md5sum for base-passwd-3.0-1.tar.bz2 479cb2a678f712b326dc09a24d329cfe
<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/base-passwd-3.0-1.tar.bz2>
<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/md5sum>
(not changed...)
<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/setup.hint>
Let me know if there are any issues :)
J.
On Wed, April 22, 2009 8:02 pm, Corinna Vinschen wrote:
> Hi John,
>
> I just realized that the passwd-grp.sh postinstall script in the
> base-passwd package sets insecure permissions on /etc/passwd and
> /etc/group. Is there any good reason to chmod 777 these files?
> I don't see any, especially not execute permission.
>
> chmod 644 would be the correct setting, afaics.
>
> We can also get rid of the sed calls to remove the line with :S-1-1-0:
> from passwd and group. These entries haven't been generated for many, many
> years.
>
> Last but not least, the file group should be set to the Administrators
> group by default.
>
> I would like to suggest the following patch:
>
> --- passwd-grp.sh.ORIG 2009-04-22 20:44:42.521387200 +0200
> +++ passwd-grp.sh 2009-04-22 20:59:04.167788000 +0200
> @@ -1,24 +1,27 @@
> #!/bin/sh
>
> +created_passwd=no
> +created_group=no
> +
> if [ ! -e /etc/passwd -a ! -L /etc/passwd ] ; then
> /bin/mkpasswd -l -c > /etc/passwd
> - /bin/chmod 777 /etc/passwd
> + /bin/chmod 644 /etc/passwd
> + created_passwd=yes
> fi
>
> if [ ! -e /etc/group -a ! -L /etc/group ] ; then
> /bin/mkgroup -l -c > /etc/group
> - /bin/chmod 777 /etc/group
> + /bin/chmod 644 /etc/group
> + created_group=yes
> fi
>
> -cp -f /etc/passwd /tmp/passwd.mkpasswd && \
> -( [ -w /etc/passwd ] || chmod --silent a+w /etc/passwd ; ) && \
> -sed -e '/:S-1-1-0:/d' /tmp/passwd.mkpasswd > /etc/passwd && \
> -chmod --silent --reference=/etc/group /etc/passwd
> -rm -f /tmp/passwd.mkpasswd
> -
> -cp -f /etc/group /tmp/group.mkgroup && \
> +cp -fp /etc/group /tmp/group.mkgroup && \
> ( [ -w /etc/group ] || chmod --silent a+w /etc/group ; ) && \
> echo "root:S-1-5-32-544:0:" > /etc/group && \
> -sed -e '/:S-1-1-0:/d' -e '/root:S-1-5-32-544:0:/d' /tmp/group.mkgroup >>
> /etc/group && \
> +sed -e '/root:S-1-5-32-544:0:/d' /tmp/group.mkgroup >> /etc/group && \
> chmod --silent --reference=/etc/passwd /etc/group
> rm -f /tmp/group.mkgroup
> +
> +# Deferred to be sure root group entry exists
> +[ "$created_passwd" = "yes" ] && /bin/chgrp --silent root /etc/passwd
> +[ "$created_group" = "yes" ] && /bin/chgrp --silent root /etc/group
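Review bot: The chmod 644 calls sit only inside the two "if [ ! -e ... -a ! -L ... ]" creation branches, so an /etc/passwd or /etc/group that an earlier run of this script created with mode 777 keeps that mode after the update. The retained line "chmod --silent --reference=/etc/passwd /etc/group" then copies whatever mode /etc/passwd currently has onto /etc/group, so a 777 passwd file propagates to the group file. Consider tightening the mode outside the creation branches too, or stating in a comment why existing files are left alone. Separately, the script now ends with [ "$created_group" = "yes" ] && /bin/chgrp --silent root /etc/group, which leaves a non-zero exit status whenever the group file already existed; an if block or a trailing "|| :" would keep the postinstall exit status clean.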
>
>
> Corinna
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader cygwin AT cygwin DOT com
> Red Hat
>
>
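The permission point raised in this thread (644 rather than 777 on /etc/passwd and /etc/group) can be checked on an existing installation with a small audit script. This is an added example, not part of base-passwd or of either message; the function names are hypothetical and it assumes GNU coreutils stat(1).

```shell
#!/bin/sh
# Added example, not part of base-passwd. Assumes GNU coreutils stat(1).
# Function names are hypothetical.

WANT_MODE=644   # the mode suggested in the thread

# excess_bits FILE: print, in octal, the permission bits FILE has beyond
# WANT_MODE (0 when there are none). Returns 2 if FILE is missing or is
# a symlink, the same cases the postinstall script leaves alone.
excess_bits() {
    [ -e "$1" ] && [ ! -L "$1" ] || return 2
    mode=$(stat -c %a "$1") || return 2
    printf '%o\n' $(( 0$mode & ~0$WANT_MODE & 07777 ))
}

# audit_file FILE [fix]: return 0 if FILE is no more permissive than
# WANT_MODE, 1 if it was (bits are cleared first when "fix" is given),
# 2 if FILE was skipped.
audit_file() {
    extra=$(excess_bits "$1") || { echo "skip  $1"; return 2; }
    if [ "$extra" = 0 ]; then
        echo "ok    $1"
        return 0
    fi
    echo "loose $1 (extra bits: $extra)"
    if [ "$2" = fix ]; then
        # Clear only the excess bits; never widen a stricter mode.
        chmod "$(printf '%o' $(( 0$(stat -c %a "$1") & 0$WANT_MODE )))" "$1"
    fi
    return 1
}

# Report-only pass over the two files discussed in the thread.
for f in /etc/passwd /etc/group; do
    audit_file "$f" || true
done
```

Passing "fix" as the second argument clears the extra bits instead of only reporting them.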
More information about the Cygwin-apps
mailing list