Hi Corinna,

Patch applied...

md5sum for base-passwd-3.0-1.tar.bz2
479cb2a678f712b326dc09a24d329cfe

<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/base-passwd-3.0-1.tar.bz2>
<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/md5sum>
(not changed...)
<http://homepage.ntlworld.com/j-n-s.morrison/john/cygwin/base-passwd/setup.hint>

Let me know if there are any issues :)

J.

On Wed, April 22, 2009 8:02 pm, Corinna Vinschen wrote:
> Hi John,
>
> I just realized that the passwd-grp.sh postinstall script in the
> base-passwd package sets unsecure permissions on /etc/passwd and
> /etc/group. Is there any good reason to chmod 777 these files?
> I don't see any, especially not execute permission.
>
> chmod 644 would be the correct setting, afaics.
>
> We can also get rid of the sed calls to remove the line with :S-1-1-0:
> from passwd and group. These entries aren't generated for many many
> years.
>
> Last but not least, the file group should be set to the Administrators
> group by default.
>
> I would like to suggest the following patch:
>
> --- passwd-grp.sh.ORIG 2009-04-22 20:44:42.521387200 +0200 > +++ passwd-grp.sh 2009-04-22 20:59:04.167788000 +0200
> @@ -1,24 +1,27 @@ > #!/bin/sh > > +created_passwd=no > +created_group=no > + > if [ ! -e /etc/passwd -a ! -L /etc/passwd ] ; then > /bin/mkpasswd -l -c > /etc/passwd > - /bin/chmod 777 /etc/passwd > + /bin/chmod 644 /etc/passwd > + created_passwd=yes > fi > > if [ ! -e /etc/group -a ! -L /etc/group ] ; then > /bin/mkgroup -l -c > /etc/group > - /bin/chmod 777 /etc/group > + /bin/chmod 644 /etc/group > + created_group=yes > fi > > -cp -f /etc/passwd /tmp/passwd.mkpasswd && \ > -( [ -w /etc/passwd ] || chmod --silent a+w /etc/passwd ; ) && \ > -sed -e '/:S-1-1-0:/d' /tmp/passwd.mkpasswd > /etc/passwd && \ > -chmod --silent --reference=/etc/group /etc/passwd > -rm -f /tmp/passwd.mkpasswd > - > -cp -f /etc/group /tmp/group.mkgroup && \ > +cp -fp /etc/group /tmp/group.mkgroup && \ > ( [ -w /etc/group ] || chmod --silent a+w /etc/group ; ) && \ > echo "root:S-1-5-32-544:0:" > /etc/group && \ > -sed -e '/:S-1-1-0:/d' -e '/root:S-1-5-32-544:0:/d' /tmp/group.mkgroup >> > /etc/group && \ > +sed -e '/root:S-1-5-32-544:0:/d' /tmp/group.mkgroup >> /etc/group && \ > chmod --silent --reference=/etc/passwd /etc/group > rm -f /tmp/group.mkgroup > + > +# Deferred to be sure root group entry exists > +[ "$created_passwd" = "yes" ] && /bin/chgrp --silent root /etc/passwd > +[ "$created_group" = "yes" ] && /bin/chgrp --silent root /etc/group > > > Corinna > > -- > Corinna Vinschen Please, send mails regarding Cygwin to > Cygwin Project Co-Leader cygwin AT cygwin DOT com > Red Hat > >
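
Review bot: the `chmod 644` calls sit only inside the two `if [ ! -e ... ]` creation branches, so a /etc/passwd or /etc/group that an earlier run of this script left at 777 keeps that mode, and the retained `chmod --silent --reference=/etc/passwd /etc/group` then copies whatever mode /etc/passwd has onto /etc/group. Consider correcting the mode outside the creation branches as well, at least by dropping the group/other write bits and the execute bits on files that already exist. Separately, the two closing `[ "$created_..." = "yes" ] && /bin/chgrp --silent root ...` lines leave the script with a non-zero exit status whenever /etc/group already existed, because the failed test is the last command run; an `if ...; then ...; fi` form avoids that. The changed `cp -fp` line also still writes to the fixed name /tmp/group.mkgroup, and the context line before the `echo` still grants `a+w` on /etc/group for the duration of the rewrite; a file created with mktemp and a rewrite that does not widen permissions would close both gaps.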
