From 2386d041ffdf7328f29f13e26f6e934109cae29e Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 21 Nov 2002 21:25:20 +0000 Subject: Add a "shadow" group and make the shadow passwd db readable by that group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@ If you track -current you should do the following: o add group shadow to /etc/group o chgrp shadow /etc/spwd.db o chmod 640 /etc/spwd.db o rebuild and install src/usr.sbin/pwd_mkdb You do not need to rebuild libc yet, but it would't hurt to do so. --- etc/mtree/special | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc/mtree') diff --git a/etc/mtree/special b/etc/mtree/special index a0cb05b0b13..7a18e3f8064 100644 --- a/etc/mtree/special +++ b/etc/mtree/special @@ -1,4 +1,4 @@ -# $OpenBSD: special,v 1.47 2002/10/04 23:28:38 deraadt Exp $ +# $OpenBSD: special,v 1.48 2002/11/21 21:25:19 millert Exp $ # $NetBSD: special,v 1.4 1996/05/08 21:30:18 pk Exp $ # @(#)special 8.2 (Berkeley) 1/23/94 # @@ -69,7 +69,7 @@ security type=file mode=0644 uname=root gname=wheel shells type=file mode=0644 uname=root gname=wheel skey type=dir mode=01730 uname=root gname=auth optional .. #skey -spwd.db type=file mode=0600 uname=root gname=wheel +spwd.db type=file mode=0640 uname=root gname=shadow ssh type=dir mode=0755 uname=root gname=wheel optional ssh_config type=file mode=0644 uname=root gname=wheel ssh_host_dsa_key type=file mode=0600 uname=root gname=wheel optional -- cgit v1.2.3