This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



[UPDATE] base-passwd (Was Re: base-passwd sets weird permissions)


Hi Corinna,

Patch applied...

md5sum for base-passwd-3.0-1.tar.bz2 479cb2a678f712b326dc09a24d329cfe
<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/base-passwd-3.0-1.tar.bz2>

<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/md5sum>

(not changed...)
<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/setup.hint>

Let me know if there are any issues :)

J.

On Wed, April 22, 2009 8:02 pm, Corinna Vinschen wrote:
> Hi John,
>
> I just realized that the passwd-grp.sh postinstall script in the
> base-passwd package sets unsecure permissions on /etc/passwd and
> /etc/group.  Is there any good reason to chmod 777 these files?
> I don't see any, especially not execute permission.
>
> chmod 644 would be the correct setting, afaics.
>
> We can also get rid of the sed calls to remove the line with :S-1-1-0:
> from passwd and group.  These entries aren't generated for many many
> years.
>
> Last but not least, the file group should be set to the Administrators
> group by default.
>
> I would like to suggest the following patch:
>
> --- passwd-grp.sh.ORIG	2009-04-22 20:44:42.521387200 +0200
> +++ passwd-grp.sh	2009-04-22 20:59:04.167788000 +0200
> @@ -1,24 +1,27 @@
>  #!/bin/sh
>
> +created_passwd=no
> +created_group=no
> +
>  if [ ! -e /etc/passwd -a ! -L /etc/passwd ] ; then
>    /bin/mkpasswd -l -c > /etc/passwd
> -  /bin/chmod 777 /etc/passwd
> +  /bin/chmod 644 /etc/passwd
> +  created_passwd=yes
>  fi
>
>  if [ ! -e /etc/group -a ! -L /etc/group ] ; then
>    /bin/mkgroup -l -c > /etc/group
> -  /bin/chmod 777 /etc/group
> +  /bin/chmod 644 /etc/group
> +  created_group=yes
>  fi
>
> -cp -f /etc/passwd /tmp/passwd.mkpasswd && \
> -( [ -w /etc/passwd ] || chmod --silent a+w /etc/passwd ; ) && \
> -sed -e '/:S-1-1-0:/d' /tmp/passwd.mkpasswd > /etc/passwd && \
> -chmod --silent --reference=/etc/group /etc/passwd
> -rm -f /tmp/passwd.mkpasswd
> -
> -cp -f /etc/group /tmp/group.mkgroup && \
> +cp -fp /etc/group /tmp/group.mkgroup && \
>  ( [ -w /etc/group ] || chmod --silent a+w /etc/group ; ) && \
>  echo "root:S-1-5-32-544:0:" > /etc/group && \
> -sed -e '/:S-1-1-0:/d' -e '/root:S-1-5-32-544:0:/d' /tmp/group.mkgroup >>
> /etc/group && \
> +sed -e '/root:S-1-5-32-544:0:/d' /tmp/group.mkgroup >> /etc/group && \
>  chmod --silent --reference=/etc/passwd /etc/group
>  rm -f /tmp/group.mkgroup
> +
> +# Deferred to be sure root group entry exists
> +[ "$created_passwd" = "yes" ] && /bin/chgrp --silent root /etc/passwd
> +[ "$created_group" = "yes"  ] && /bin/chgrp --silent root /etc/group
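Review bot: the two `/bin/chmod 644` calls sit inside the `if [ ! -e ... ]` creation branches, so an installation whose /etc/passwd and /etc/group were already created with mode 777 by the previous version of the script keeps those modes, and the retained `chmod --silent --reference=/etc/passwd /etc/group` then copies whatever mode passwd currently has onto the rewritten group file. If the intent is to correct existing systems too, consider an unconditional `/bin/chmod 644` on both files after the rewrite, or at least clearing the execute and group/other write bits there. Separately, the final line `[ "$created_group" = "yes"  ] && /bin/chgrp --silent root /etc/group` leaves the script with a non-zero exit status whenever /etc/group already existed, so an `if ...; then ...; fi` form or a trailing `exit 0` would be safer if the installer checks the postinstall status. The rewrite also still goes through the fixed name /tmp/group.mkgroup, where a `mktemp`-generated name would avoid collisions in a shared /tmp.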
>
>
> Corinna
>
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader          cygwin AT cygwin DOT com
> Red Hat
>
>


