Bug 43706

Summary: pam_unix does not preserve file permissions
Product: [Retired] Red Hat Linux
Reporter: Joseph Dunn <jdunn14>
Component: pam
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE
QA Contact: Aaron Brown <abrown>
Severity: medium
Priority: medium
Version: 7.1
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-06-06 18:20:57 UTC

Description Joseph Dunn 2001-06-06 18:20:53 UTC
Description of problem:
When a user changes their password with the passwd utility as shipped with 
Red Hat 7.0, the permissions on /etc/shadow are reset to be owned by root, 
group root, and mode 0600 rather than preserving the permissions of the 
old shadow file.  The permissions are actually changed by the pam_unix 
module, which is called via /etc/pam.d/passwd, which uses 
service=system-auth, which contains the line:

password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow

Looking at the code for pam_unix.so, specifically the source file 
pam_unix_passwd.c, clearly the permissions for the updated /etc/passwd 
and /etc/shadow files are hardcoded.  Simply replacing the hardcoded 
values with information taken from stats of the existing files should fix 
the problem.


How reproducible:
Always

Steps to Reproduce:
1. Change default permissions on /etc/shadow from the default 0600 to 0640
2. Successfully change any user password using passwd
3. Check the permissions on /etc/shadow; they will be reset to the default


Additional info:

Comment 1 Nalin Dahyabhai 2001-08-31 02:39:30 UTC
This should be fixed in 0.75-10 and later.  Thanks!
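
The approach proposed in the description (take owner, group and mode from a stat of the existing file instead of hardcoding them), as an added C example that is not pam_unix code and not part of the original report. The helper name `replace_preserving_perms` and the temporary-file naming are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not pam_unix code: atomically replace `path` with
 * `data`, carrying over the owner, group and mode of the file it replaces.
 * Returns 0 on success, -1 on failure (the original file stays in place). */
int replace_preserving_perms(const char *path, const char *data, size_t len)
{
    struct stat st;
    char tmp[4096];
    int n, fd;

    if (stat(path, &st) != 0)          /* capture the administrator's settings */
        return -1;
    n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    fd = mkstemp(tmp);                 /* created 0600 while it is being written */
    if (fd < 0)
        return -1;
    /* Owner and group are set before the mode, so a wider mode such as 0640
     * only takes effect once the file already belongs to the right group. */
    if (write(fd, data, len) != (ssize_t)len ||
        fchown(fd, st.st_uid, st.st_gid) != 0 ||
        fchmod(fd, st.st_mode & 07777) != 0 ||
        fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    if (close(fd) != 0 || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}
```

Any failure before `rename` leaves the original file untouched, so an update never lands with permissions the administrator did not set.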