diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-07-07 16:54:09 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-07-07 16:55:08 +0200 |
| commit | 3250929b7049f3fbbb610a92438c8a8b638ec155 (patch) | |
| tree | 4da42da7af4e547d5eb90d52f26c6131bc77a262 | |
| parent | ffc90a11962274ac597b7838f31a4aff0362aa46 (diff) | |
firstboot: change /etc/shadow access mode to 000
It appears to be customary to remove all access bits from /etc/shadow
including those for the root owner), hence let's do the same.
| -rw-r--r-- | src/firstboot/firstboot.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c index 56893d0e37..57173a5669 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c @@ -531,7 +531,8 @@ static int write_root_shadow(const char *path, const struct spwd *p) { assert(p); mkdir_parents(path, 0755); - f = fopen(path, "wex"); + RUN_WITH_UMASK(0777) + f = fopen(path, "wex"); if (!f) return -errno; |