Bug 43706 - pam_unix does not preserve file permissions
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam   
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
Depends On:
Reported: 2001-06-06 18:20 UTC by Joseph Dunn
Modified: 2007-04-18 16:33 UTC (History)

Doc Type: Bug Fix
Last Closed: 2001-06-06 18:20:57 UTC


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2001:149 normal SHIPPED_LIVE Updated pam and usermode packages available 2001-11-02 05:00:00 UTC

Description Joseph Dunn 2001-06-06 18:20:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT)

Description of problem:
When a user changes their password with the passwd utility as shipped with
RedHat 7.0, the permissions on /etc/shadow are reset to be owned by root,
group root, and mode 0600 rather than preserving the permissions of the
old shadow file.  The permissions are actually changed by the pam_unix
module, which is called via /etc/pam.d/passwd, which uses
service=system-auth, which contains the line:

password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow

Looking at the code for pam_unix.so, specifically the source file 
pam_unix_passwd.c, clearly the permissions for the updated /etc/passwd 
and /etc/shadow files are hardcoded.  Simply replacing the hardcoded 
values with information taken from stats of the existing files should fix 
the problem.

How reproducible:

Steps to Reproduce:
1. Change default permissions on /etc/shadow from the default 0600 to 0640
2. Successfully change any user password using passwd
3. Check the permissions on /etc/shadow; they will be reset to the default

Additional info:

Comment 1 Nalin Dahyabhai 2001-08-31 02:39:30 UTC
This should be fixed in 0.75-10 and later.  Thanks!
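
The approach suggested in the description (stat the existing file and reuse its owner, group and mode when writing the replacement) can be sketched as follows. This is an added example, not code from pam_unix or from the fix shipped in 0.75-10; the function name `replace_preserving_perms` is hypothetical and the demo runs against a constructed file under /tmp rather than /etc/shadow.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace `path` with `data`, copying owner, group and mode from the file
 * being replaced rather than hardcoding root:root 0600.
 * Returns 0 on success, -1 on error (the original is left untouched). */
int replace_preserving_perms(const char *path, const char *data, size_t len)
{
    struct stat old;
    char tmp[4096];

    if (stat(path, &old) != 0 ||
        snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    int fd = mkstemp(tmp);        /* created 0600: never readable by others */
    if (fd < 0)
        return -1;
    /* Set ownership before widening the mode, so the new file is never
     * group-readable while it still belongs to the wrong group. */
    if (write(fd, data, len) != (ssize_t)len ||
        fchown(fd, old.st_uid, old.st_gid) != 0 ||
        fchmod(fd, old.st_mode & 07777) != 0 ||
        fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    close(fd);
    if (rename(tmp, path) != 0) { /* atomic swap within one directory */
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed demo file standing in for /etc/shadow, set to 0640. */
    char path[] = "/tmp/shadow_demo_XXXXXX";
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0 || fchmod(fd, 0640) != 0) return 1;
    close(fd);
    if (replace_preserving_perms(path, "demo:!:0:::::\n", 14) != 0 ||
        stat(path, &st) != 0) return 1;
    printf("mode after rewrite: %04o\n", (unsigned)(st.st_mode & 07777));
    unlink(path);
    return 0;
}
```

The failure paths remove the temporary file and return before `rename()`, so an error while copying the permissions never leaves a replacement in place with the wrong owner or mode.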
