diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-11-21 21:25:20 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-11-21 21:25:20 +0000 |
| commit | 2386d041ffdf7328f29f13e26f6e934109cae29e (patch) | |
| tree | 110d855f9e2fef44139f6dff3b233a9d078b3638 /etc/mtree | |
| parent | e45b5605a588b8dc925887830f0dbb33b7fd38be (diff) | |
Add a "shadow" group and make the shadow passwd db readable by that
group. This changes getpw* to always try the shadow db first and
then fall back to the db w/o password hashes. In the future,
/usr/libexec/auth/login_passwd (and others) will be setgid shadow
instead of setuid root. OK deraadt@
If you track -current you should do the following:
o add group shadow to /etc/group
o chgrp shadow /etc/spwd.db
o chmod 640 /etc/spwd.db
o rebuild and install src/usr.sbin/pwd_mkdb
You do not need to rebuild libc yet, but it would't hurt to do so.
Diffstat (limited to 'etc/mtree')
| -rw-r--r-- | etc/mtree/special | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/mtree/special b/etc/mtree/special index a0cb05b0b13..7a18e3f8064 100644 --- a/etc/mtree/special +++ b/etc/mtree/special @@ -1,4 +1,4 @@ -# $OpenBSD: special,v 1.47 2002/10/04 23:28:38 deraadt Exp $ +# $OpenBSD: special,v 1.48 2002/11/21 21:25:19 millert Exp $ # $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $ # @(#)special 8.2 (Berkeley) 1/23/94 # @@ -69,7 +69,7 @@ security type=file mode=0644 uname=root gname=wheel shells type=file mode=0644 uname=root gname=wheel skey type=dir mode=01730 uname=root gname=auth optional .. #skey -spwd.db type=file mode=0600 uname=root gname=wheel +spwd.db type=file mode=0640 uname=root gname=shadow ssh type=dir mode=0755 uname=root gname=wheel optional ssh_config type=file mode=0644 uname=root gname=wheel ssh_host_dsa_key type=file mode=0600 uname=root gname=wheel optional |