diff --git a/etc/login.defs b/etc/login.defs index 5ac62d63..74312d70 100644 --- a/etc/login.defs +++ b/etc/login.defs @@ -393,3 +393,8 @@ USERGROUPS_ENAB yes # #CREATE_HOME yes +# +# Force use shadow, even if shadow passwd & shadow group files are +# missing. +# +#FORCE_SHADOW yes diff --git a/lib/commonio.c b/lib/commonio.c index 8ff0e07d..2e2f7785 100644 --- a/lib/commonio.c +++ b/lib/commonio.c @@ -968,11 +968,10 @@ int commonio_close (struct commonio_db *db) } else { /* * Default permissions for new [g]shadow files. - * (passwd and group always exist...) */ - sb.st_mode = 0400; - sb.st_uid = 0; - sb.st_gid = 0; + sb.st_mode = db->st_mode; + sb.st_uid = db->st_uid; + sb.st_gid = db->st_gid; } snprintf (buf, sizeof buf, "%s+", db->filename); diff --git a/lib/commonio.h b/lib/commonio.h index 0a316f9c..cb4e9616 100644 --- a/lib/commonio.h +++ b/lib/commonio.h @@ -123,6 +123,12 @@ struct commonio_db { #ifdef WITH_SELINUX /*@null@*/security_context_t scontext; #endif + /* + * Default permissions and owner for newly created data file. + */ + mode_t st_mode; + uid_t st_uid; + gid_t st_gid; /* * Head, tail, current position in linked list. */ diff --git a/lib/getdef.c b/lib/getdef.c index b5f780ca..bea28129 100644 --- a/lib/getdef.c +++ b/lib/getdef.c @@ -49,6 +49,32 @@ struct itemdef { /*@null@*/char *value; /* value given, or NULL if no value */ }; +#define PAMDEFS \ + {"CHFN_AUTH", NULL}, \ + {"CHSH_AUTH", NULL}, \ + {"CRACKLIB_DICTPATH", NULL}, \ + {"ENV_HZ", NULL}, \ + {"ENVIRON_FILE", NULL}, \ + {"ENV_TZ", NULL}, \ + {"FAILLOG_ENAB", NULL}, \ + {"FTMP_FILE", NULL}, \ + {"ISSUE_FILE", NULL}, \ + {"LASTLOG_ENAB", NULL}, \ + {"LOGIN_STRING", NULL}, \ + {"MAIL_CHECK_ENAB", NULL}, \ + {"MOTD_FILE", NULL}, \ + {"NOLOGINS_FILE", NULL}, \ + {"OBSCURE_CHECKS_ENAB", NULL}, \ + {"PASS_ALWAYS_WARN", NULL}, \ + {"PASS_CHANGE_TRIES", NULL}, \ + {"PASS_MAX_LEN", NULL}, \ + {"PASS_MIN_LEN", NULL}, \ + {"PORTTIME_CHECKS_ENAB", NULL}, \ + {"QUOTAS_ENAB", NULL}, \ + {"SU_WHEEL_ONLY", NULL}, \ + {"ULIMIT", NULL}, + + #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { {"CHFN_RESTRICT", NULL}, @@ -102,29 +128,7 @@ static struct itemdef def_table[] = { {"USERDEL_CMD", NULL}, {"USERGROUPS_ENAB", NULL}, #ifndef USE_PAM - {"CHFN_AUTH", NULL}, - {"CHSH_AUTH", NULL}, - {"CRACKLIB_DICTPATH", NULL}, - {"ENV_HZ", NULL}, - {"ENVIRON_FILE", NULL}, - {"ENV_TZ", NULL}, - {"FAILLOG_ENAB", NULL}, - {"FTMP_FILE", NULL}, - {"ISSUE_FILE", NULL}, - {"LASTLOG_ENAB", NULL}, - {"LOGIN_STRING", NULL}, - {"MAIL_CHECK_ENAB", NULL}, - {"MOTD_FILE", NULL}, - {"NOLOGINS_FILE", NULL}, - {"OBSCURE_CHECKS_ENAB", NULL}, - {"PASS_ALWAYS_WARN", NULL}, - {"PASS_CHANGE_TRIES", NULL}, - {"PASS_MAX_LEN", NULL}, - {"PASS_MIN_LEN", NULL}, - {"PORTTIME_CHECKS_ENAB", NULL}, - {"QUOTAS_ENAB", NULL}, - {"SU_WHEEL_ONLY", NULL}, - {"ULIMIT", NULL}, + PAMDEFS #endif #ifdef USE_SYSLOG {"SYSLOG_SG_ENAB", NULL}, @@ -135,9 +139,17 @@ static struct itemdef def_table[] = { {"TCB_SYMLINKS", NULL}, {"USE_TCB", NULL}, #endif + {"FORCE_SHADOW", NULL}, {NULL, NULL} }; +#define NUMKNOWNDEFS (sizeof(knowndef_table)/sizeof(knowndef_table[0])) +static struct itemdef knowndef_table[] = { +#ifdef USE_PAM + PAMDEFS +#endif +}; + #ifndef LOGINDEFS #define LOGINDEFS "/etc/login.defs" #endif @@ -397,10 +409,17 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name) * Item was never found. */ + for (ptr = knowndef_table; NULL != ptr->name; ptr++) { + if (strcmp (ptr->name, name) == 0) { + goto out; + } + } fprintf (stderr, _("configuration error - unknown item '%s' (notify administrator)\n"), name); SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name)); + +out: return (struct itemdef *) NULL; } @@ -416,23 +435,26 @@ static void def_load (void) FILE *fp; char buf[1024], *name, *value, *s; + /* + * Set the initialized flag. + * (do it early to prevent recursion in putdef_str()) + */ + def_loaded = true; + /* * Open the configuration definitions file. */ fp = fopen (def_fname, "r"); if (NULL == fp) { + if (errno == ENOENT) + return; + int err = errno; SYSLOG ((LOG_CRIT, "cannot open login definitions %s [%s]", def_fname, strerror (err))); exit (EXIT_FAILURE); } - /* - * Set the initialized flag. - * (do it early to prevent recursion in putdef_str()) - */ - def_loaded = true; - /* * Go through all of the lines in the file. */ diff --git a/lib/groupio.c b/lib/groupio.c index 2a37bfd9..3ad4736b 100644 --- a/lib/groupio.c +++ b/lib/groupio.c @@ -130,6 +130,9 @@ static /*@owned@*/struct commonio_db group_db = { #ifdef WITH_SELINUX NULL, /* scontext */ #endif + 0644, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ NULL, /* head */ NULL, /* tail */ NULL, /* cursor */ diff --git a/lib/pwio.c b/lib/pwio.c index 793c2e5a..7ee85377 100644 --- a/lib/pwio.c +++ b/lib/pwio.c @@ -105,6 +105,9 @@ static struct commonio_db passwd_db = { #ifdef WITH_SELINUX NULL, /* scontext */ #endif + 0644, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ NULL, /* head */ NULL, /* tail */ NULL, /* cursor */ diff --git a/lib/sgroupio.c b/lib/sgroupio.c index faed0adf..f2685779 100644 --- a/lib/sgroupio.c +++ b/lib/sgroupio.c @@ -228,6 +228,9 @@ static struct commonio_db gshadow_db = { #ifdef WITH_SELINUX NULL, /* scontext */ #endif + 0400, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ NULL, /* head */ NULL, /* tail */ NULL, /* cursor */ @@ -249,6 +252,8 @@ int sgr_setdbname (const char *filename) bool sgr_file_present (void) { + if (getdef_bool ("FORCE_SHADOW")) + return true; return commonio_present (&gshadow_db); } diff --git a/lib/shadowio.c b/lib/shadowio.c index 2930e65d..6e44ab24 100644 --- a/lib/shadowio.c +++ b/lib/shadowio.c @@ -104,6 +104,9 @@ static struct commonio_db shadow_db = { #ifdef WITH_SELINUX NULL, /* scontext */ #endif /* WITH_SELINUX */ + 0400, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ NULL, /* head */ NULL, /* tail */ NULL, /* cursor */ @@ -125,6 +128,8 @@ int spw_setdbname (const char *filename) bool spw_file_present (void) { + if (getdef_bool ("FORCE_SHADOW")) + return true; return commonio_present (&shadow_db); } diff --git a/lib/subordinateio.c b/lib/subordinateio.c index 88cc5817..0d64a914 100644 --- a/lib/subordinateio.c +++ b/lib/subordinateio.c @@ -541,6 +541,9 @@ static struct commonio_db subordinate_uid_db = { #ifdef WITH_SELINUX NULL, /* scontext */ #endif + 0644, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ NULL, /* head */ NULL, /* tail */ NULL, /* cursor */ @@ -619,6 +622,9 @@ static struct commonio_db subordinate_gid_db = { #ifdef WITH_SELINUX NULL, /* scontext */ #endif + 0644, /* st_mode */ + 0, /* st_uid */ + 0, /* st_gid */ NULL, /* head */ NULL, /* tail */ NULL, /* cursor */ diff --git a/src/chage.c b/src/chage.c index 2df65a94..617e90f1 100644 --- a/src/chage.c +++ b/src/chage.c @@ -592,7 +592,7 @@ static void open_files (bool readonly) } pw_locked = true; } - if (pw_open (readonly ? O_RDONLY: O_RDWR) == 0) { + if (pw_open (readonly ? O_RDONLY: O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", pw_dbname ())); fail_exit (E_NOPERM); @@ -613,7 +613,7 @@ static void open_files (bool readonly) } spw_locked = true; } - if (spw_open (readonly ? O_RDONLY: O_RDWR) == 0) { + if (spw_open (readonly ? O_RDONLY: O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", spw_dbname ())); diff --git a/src/chfn.c b/src/chfn.c index a022c1a3..18aa3de7 100644 --- a/src/chfn.c +++ b/src/chfn.c @@ -463,7 +463,7 @@ static void update_gecos (const char *user, char *gecos) fail_exit (E_NOPERM); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); fail_exit (E_NOPERM); diff --git a/src/chgpasswd.c b/src/chgpasswd.c index 4dd5fbab..13203a46 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -316,7 +316,7 @@ static void open_files (void) fail_exit (1); } gr_locked = true; - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (1); @@ -332,7 +332,7 @@ static void open_files (void) fail_exit (1); } sgr_locked = true; - if (sgr_open (O_RDWR) == 0) { + if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); fail_exit (1); diff --git a/src/chpasswd.c b/src/chpasswd.c index 78436d6a..21008f58 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -313,7 +313,7 @@ static void open_files (void) fail_exit (1); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); fail_exit (1); @@ -328,7 +328,7 @@ static void open_files (void) fail_exit (1); } spw_locked = true; - if (spw_open (O_RDWR) == 0) { + if (spw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); diff --git a/src/chsh.c b/src/chsh.c index 393a79ff..c89708b9 100644 --- a/src/chsh.c +++ b/src/chsh.c @@ -373,7 +373,7 @@ static void update_shell (const char *user, char *newshell) fail_exit (1); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", pw_dbname ())); fail_exit (1); diff --git a/src/gpasswd.c b/src/gpasswd.c index 8959a35a..27ad9599 100644 --- a/src/gpasswd.c +++ b/src/gpasswd.c @@ -370,7 +370,7 @@ static void open_files (void) add_cleanup (log_gpasswd_failure_system, NULL); - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); @@ -380,7 +380,7 @@ static void open_files (void) #ifdef SHADOWGRP if (is_shadowgrp) { - if (sgr_open (O_RDWR) == 0) { + if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); diff --git a/src/groupadd.c b/src/groupadd.c index 39b4ec02..179438fb 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -346,7 +346,7 @@ static void open_files (void) add_cleanup (cleanup_report_add_group, group_name); /* And now open the databases */ - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); exit (E_GRP_UPDATE); @@ -354,7 +354,7 @@ static void open_files (void) #ifdef SHADOWGRP if (is_shadow_grp) { - if (sgr_open (O_RDWR) == 0) { + if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); diff --git a/src/groupdel.c b/src/groupdel.c index d613a66e..11e522b1 100644 --- a/src/groupdel.c +++ b/src/groupdel.c @@ -248,7 +248,7 @@ static void open_files (void) add_cleanup (cleanup_report_del_group, group_name); /* An now open the databases */ - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); @@ -257,7 +257,7 @@ static void open_files (void) } #ifdef SHADOWGRP if (is_shadow_grp) { - if (sgr_open (O_RDWR) == 0) { + if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); diff --git a/src/groupmems.c b/src/groupmems.c index e4f107f9..4a49e10b 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -536,14 +536,14 @@ static void open_files (void) #endif } - if (gr_open (list ? O_RDONLY : O_RDWR) == 0) { + if (gr_open (list ? O_RDONLY : O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (EXIT_GROUP_FILE); } #ifdef SHADOWGRP if (is_shadowgrp) { - if (sgr_open (list ? O_RDONLY : O_RDWR) == 0) { + if (sgr_open (list ? O_RDONLY : O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); fail_exit (EXIT_GROUP_FILE); } diff --git a/src/groupmod.c b/src/groupmod.c index d9d38071..757c1a40 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -663,7 +663,7 @@ static void lock_files (void) */ static void open_files (void) { - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); exit (E_GRP_UPDATE); @@ -672,7 +672,7 @@ static void open_files (void) #ifdef SHADOWGRP if ( is_shadow_grp && (pflg || nflg)) { - if (sgr_open (O_RDWR) == 0) { + if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); @@ -683,7 +683,7 @@ static void open_files (void) #endif /* SHADOWGRP */ if (gflg) { - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); diff --git a/src/grpck.c b/src/grpck.c index 9d1ed903..ea5d3b39 100644 --- a/src/grpck.c +++ b/src/grpck.c @@ -299,7 +299,7 @@ static void open_files (void) * Open the files. Use O_RDONLY if we are in read_only mode, * O_RDWR otherwise. */ - if (gr_open (read_only ? O_RDONLY : O_RDWR) == 0) { + if (gr_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, grp_file); if (use_system_grp_file) { @@ -308,7 +308,7 @@ static void open_files (void) fail_exit (E_CANT_OPEN); } #ifdef SHADOWGRP - if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_RDWR) == 0)) { + if (is_shadow && (sgr_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0)) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_file); if (use_system_sgr_file) { diff --git a/src/grpconv.c b/src/grpconv.c index ece8095d..f681f07f 100644 --- a/src/grpconv.c +++ b/src/grpconv.c @@ -163,7 +163,7 @@ int main (int argc, char **argv) fail_exit (5); } gr_locked = true; - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (1); } diff --git a/src/grpunconv.c b/src/grpunconv.c index ea8914cb..253f06f5 100644 --- a/src/grpunconv.c +++ b/src/grpunconv.c @@ -166,7 +166,7 @@ int main (int argc, char **argv) fail_exit (5); } gr_locked = true; - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (1); diff --git a/src/newusers.c b/src/newusers.c index a90d04ee..724cbb40 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -805,27 +805,27 @@ static void open_files (void) } #endif /* ENABLE_SUBIDS */ - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); fail_exit (EXIT_FAILURE); } - if (is_shadow && (spw_open (O_RDWR) == 0)) { + if (is_shadow && (spw_open (O_CREAT | O_RDWR) == 0)) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); fail_exit (EXIT_FAILURE); } - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (EXIT_FAILURE); } #ifdef SHADOWGRP - if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) { + if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); fail_exit (EXIT_FAILURE); } #endif #ifdef ENABLE_SUBIDS if (is_sub_uid) { - if (sub_uid_open (O_RDWR) == 0) { + if (sub_uid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); @@ -833,7 +833,7 @@ static void open_files (void) } } if (is_sub_gid) { - if (sub_gid_open (O_RDWR) == 0) { + if (sub_gid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); diff --git a/src/passwd.c b/src/passwd.c index 3424f3bf..1191111d 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -573,7 +573,7 @@ static void update_noshadow (void) exit (E_PWDBUSY); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { (void) fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); @@ -627,7 +627,7 @@ static void update_shadow (void) exit (E_PWDBUSY); } spw_locked = true; - if (spw_open (O_RDWR) == 0) { + if (spw_open (O_CREAT | O_RDWR) == 0) { (void) fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); diff --git a/src/pwck.c b/src/pwck.c index 05df68ec..523135f6 100644 --- a/src/pwck.c +++ b/src/pwck.c @@ -281,7 +281,7 @@ static void open_files (void) * Open the files. Use O_RDONLY if we are in read_only mode, O_RDWR * otherwise. */ - if (pw_open (read_only ? O_RDONLY : O_RDWR) == 0) { + if (pw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); if (use_system_pw_file) { @@ -290,7 +290,7 @@ static void open_files (void) fail_exit (E_CANTOPEN); } if (is_shadow && !use_tcb) { - if (spw_open (read_only ? O_RDONLY : O_RDWR) == 0) { + if (spw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); if (use_system_spw_file) { @@ -566,7 +566,7 @@ static void check_pw_file (int *errors, bool *changed) continue; } spw_locked = true; - if (spw_open (read_only ? O_RDONLY : O_RDWR) == 0) { + if (spw_open (read_only ? O_RDONLY : O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); diff --git a/src/pwconv.c b/src/pwconv.c index d41d5dd2..e2d61f87 100644 --- a/src/pwconv.c +++ b/src/pwconv.c @@ -200,7 +200,7 @@ int main (int argc, char **argv) fail_exit (E_PWDBUSY); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); fail_exit (E_MISSING); diff --git a/src/pwunconv.c b/src/pwunconv.c index 62e2af04..fabf0237 100644 --- a/src/pwunconv.c +++ b/src/pwunconv.c @@ -166,7 +166,7 @@ int main (int argc, char **argv) fail_exit (5); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); diff --git a/src/useradd.c b/src/useradd.c index 1b65bf44..31ea5845 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -1537,7 +1537,7 @@ static void open_files (void) exit (E_PW_UPDATE); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); fail_exit (E_PW_UPDATE); } @@ -1554,7 +1554,7 @@ static void open_files (void) fail_exit (E_GRP_UPDATE); } gr_locked = true; - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fail_exit (E_GRP_UPDATE); } @@ -1567,7 +1567,7 @@ static void open_files (void) fail_exit (E_GRP_UPDATE); } sgr_locked = true; - if (sgr_open (O_RDWR) == 0) { + if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); @@ -1584,7 +1584,7 @@ static void open_files (void) fail_exit (E_SUB_UID_UPDATE); } sub_uid_locked = true; - if (sub_uid_open (O_RDWR) == 0) { + if (sub_uid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); @@ -1599,7 +1599,7 @@ static void open_files (void) fail_exit (E_SUB_GID_UPDATE); } sub_gid_locked = true; - if (sub_gid_open (O_RDWR) == 0) { + if (sub_gid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); @@ -1621,7 +1621,7 @@ static void open_shadow (void) fail_exit (E_PW_UPDATE); } spw_locked = true; - if (spw_open (O_RDWR) == 0) { + if (spw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); diff --git a/src/userdel.c b/src/userdel.c index 19b12bc4..9092b5c1 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -565,7 +565,7 @@ static void open_files (void) fail_exit (E_PW_UPDATE); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); #ifdef WITH_AUDIT @@ -590,7 +590,7 @@ static void open_files (void) fail_exit (E_PW_UPDATE); } spw_locked = true; - if (spw_open (O_RDWR) == 0) { + if (spw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); @@ -616,7 +616,7 @@ static void open_files (void) fail_exit (E_GRP_UPDATE); } gr_locked = true; - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -641,7 +641,7 @@ static void open_files (void) fail_exit (E_GRP_UPDATE); } sgr_locked= true; - if (sgr_open (O_RDWR) == 0) { + if (sgr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); #ifdef WITH_AUDIT @@ -669,7 +669,7 @@ static void open_files (void) fail_exit (E_SUB_UID_UPDATE); } sub_uid_locked = true; - if (sub_uid_open (O_RDWR) == 0) { + if (sub_uid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); #ifdef WITH_AUDIT @@ -695,7 +695,7 @@ static void open_files (void) fail_exit (E_SUB_GID_UPDATE); } sub_gid_locked = true; - if (sub_gid_open (O_RDWR) == 0) { + if (sub_gid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); #ifdef WITH_AUDIT diff --git a/src/usermod.c b/src/usermod.c index 1b1e33a5..687487d9 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -1532,7 +1532,7 @@ static void open_files (void) fail_exit (E_PW_UPDATE); } pw_locked = true; - if (pw_open (O_RDWR) == 0) { + if (pw_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); @@ -1545,7 +1545,7 @@ static void open_files (void) fail_exit (E_PW_UPDATE); } spw_locked = true; - if (is_shadow_pwd && (spw_open (O_RDWR) == 0)) { + if (is_shadow_pwd && (spw_open (O_CREAT | O_RDWR) == 0)) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); @@ -1564,7 +1564,7 @@ static void open_files (void) fail_exit (E_GRP_UPDATE); } gr_locked = true; - if (gr_open (O_RDWR) == 0) { + if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); @@ -1578,7 +1578,7 @@ static void open_files (void) fail_exit (E_GRP_UPDATE); } sgr_locked = true; - if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) { + if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); @@ -1595,7 +1595,7 @@ static void open_files (void) fail_exit (E_SUB_UID_UPDATE); } sub_uid_locked = true; - if (sub_uid_open (O_RDWR) == 0) { + if (sub_uid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); @@ -1610,7 +1610,7 @@ static void open_files (void) fail_exit (E_SUB_GID_UPDATE); } sub_gid_locked = true; - if (sub_gid_open (O_RDWR) == 0) { + if (sub_gid_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sub_gid_dbname ());