diff -up shadow-4.6/man/usermod.8.xml.chgrp-guard shadow-4.6/man/usermod.8.xml
--- shadow-4.6/man/usermod.8.xml.chgrp-guard 2018-11-06 09:08:54.170095358 +0100
+++ shadow-4.6/man/usermod.8.xml 2018-12-18 15:24:12.283181180 +0100
@@ -195,6 +195,12 @@
The group ownership of files outside of the user's home directory
must be fixed manually.
</para>
+ <para>
+ The change of the group ownership of files inside of the user's
+ home directory is also not done if the home dir owner uid is
+ different from the current or new user id. This is safety measure
+ for special home directories such as <filename>/</filename>.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -372,6 +378,12 @@
must be fixed manually.
</para>
<para>
+ The change of the user ownership of files inside of the user's
+ home directory is also not done if the home dir owner uid is
+ different from the current or new user id. This is safety measure
+ for special home directories such as <filename>/</filename>.
+ </para>
+ <para>
No checks will be performed with regard to the
<option>UID_MIN</option>, <option>UID_MAX</option>,
<option>SYS_UID_MIN</option>, or <option>SYS_UID_MAX</option>
diff -up shadow-4.6/src/usermod.c.chgrp-guard shadow-4.6/src/usermod.c
--- shadow-4.6/src/usermod.c.chgrp-guard 2018-12-18 15:24:12.286181249 +0100
+++ shadow-4.6/src/usermod.c 2018-12-18 15:26:51.227841435 +0100
@@ -2336,7 +2336,10 @@ int main (int argc, char **argv)
}
if (!mflg && (uflg || gflg)) {
- if (access (dflg ? prefix_user_newhome : prefix_user_home, F_OK) == 0) {
+ struct stat sb;
+
+ if (stat (dflg ? prefix_user_newhome : prefix_user_home, &sb) == 0 &&
+ ((uflg && sb.st_uid == user_newid) || sb.st_uid == user_id)) {
/*
* Change the UID on all of the files owned by
* `user_id' to `user_newid' in the user's home
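Review bot: When the new ownership test fails (either `stat` returns an error or `sb.st_uid` matches neither `user_id` nor `user_newid`), the chown of the home tree is skipped with no diagnostic visible in this hunk, so a `usermod -u` or `-g` run can finish normally while files keep the old uid or gid. A warning on stderr in that case would tell the administrator the tree has to be fixed by hand; the body of the `if` and any `else` lie outside the hunk, so confirm no such message exists already. The condition also deserves a comment, for example `/* walk the tree only if the home dir belongs to the old or new uid; protects shared homes such as "/" */`. The guard is purely ownership-based, so an account whose uid equals the owner of a shared directory still passes it and the tree walk proceeds there.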