Blame SOURCES/shadow-4.6-chgrp-guard.patch

5ab9c0
diff -up shadow-4.6/man/usermod.8.xml.chgrp-guard shadow-4.6/man/usermod.8.xml
5ab9c0
--- shadow-4.6/man/usermod.8.xml.chgrp-guard	2018-11-06 09:08:54.170095358 +0100
5ab9c0
+++ shadow-4.6/man/usermod.8.xml	2018-12-18 15:24:12.283181180 +0100
5ab9c0
@@ -195,6 +195,12 @@
5ab9c0
 	    The group ownership of files outside of the user's home directory
5ab9c0
 	    must be fixed manually.
5ab9c0
 	  </para>
5ab9c0
+	  <para>
5ab9c0
+	    The change of the group ownership of files inside of the user's
5ab9c0
+	    home directory is also not done if the home dir owner uid is
5ab9c0
+	    different from the current or new user id. This is safety measure
5ab9c0
+	    for special home directories such as <filename>/</filename>.
5ab9c0
+	  </para>
5ab9c0
 	</listitem>
5ab9c0
       </varlistentry>
5ab9c0
       <varlistentry>
5ab9c0
@@ -372,6 +378,12 @@
5ab9c0
 	    must be fixed manually.
5ab9c0
 	  </para>
5ab9c0
 	  <para>
5ab9c0
+	    The change of the user ownership of files inside of the user's
5ab9c0
+	    home directory is also not done if the home dir owner uid is
5ab9c0
+	    different from the current or new user id. This is safety measure
5ab9c0
+	    for special home directories such as <filename>/</filename>.
5ab9c0
+	  </para>
5ab9c0
+	  <para>
5ab9c0
 	    No checks will be performed with regard to the
5ab9c0
 	    <option>UID_MIN</option>, <option>UID_MAX</option>,
5ab9c0
 	    <option>SYS_UID_MIN</option>, or <option>SYS_UID_MAX</option>
5ab9c0
diff -up shadow-4.6/src/usermod.c.chgrp-guard shadow-4.6/src/usermod.c
5ab9c0
--- shadow-4.6/src/usermod.c.chgrp-guard	2018-12-18 15:24:12.286181249 +0100
5ab9c0
+++ shadow-4.6/src/usermod.c	2018-12-18 15:26:51.227841435 +0100
5ab9c0
@@ -2336,7 +2336,10 @@ int main (int argc, char **argv)
5ab9c0
 	}
5ab9c0
 
5ab9c0
 	if (!mflg && (uflg || gflg)) {
5ab9c0
-		if (access (dflg ? prefix_user_newhome : prefix_user_home, F_OK) == 0) {
5ab9c0
+		struct stat sb;
5ab9c0
+
5ab9c0
+		if (stat (dflg ? prefix_user_newhome : prefix_user_home, &sb) == 0 &&
5ab9c0
+			((uflg && sb.st_uid == user_newid) || sb.st_uid == user_id)) {
5ab9c0
 			/*
5ab9c0
 			 * Change the UID on all of the files owned by
5ab9c0
 			 * `user_id' to `user_newid' in the user's home