Blame SOURCES/shadow-4.6-chgrp-guard.patch

4fb1b2
diff -up shadow-4.6/man/usermod.8.xml.chgrp-guard shadow-4.6/man/usermod.8.xml
4fb1b2
--- shadow-4.6/man/usermod.8.xml.chgrp-guard	2018-11-06 09:08:54.170095358 +0100
4fb1b2
+++ shadow-4.6/man/usermod.8.xml	2018-12-18 15:24:12.283181180 +0100
4fb1b2
@@ -195,6 +195,12 @@
4fb1b2
 	    The group ownership of files outside of the user's home directory
4fb1b2
 	    must be fixed manually.
4fb1b2
 	  </para>
4fb1b2
+	  <para>
4fb1b2
+	    The change of the group ownership of files inside of the user's
4fb1b2
+	    home directory is also not done if the home dir owner uid is
4fb1b2
+	    different from the current or new user id. This is safety measure
4fb1b2
+	    for special home directories such as <filename>/</filename>.
4fb1b2
+	  </para>
4fb1b2
 	</listitem>
4fb1b2
       </varlistentry>
4fb1b2
       <varlistentry>
4fb1b2
@@ -372,6 +378,12 @@
4fb1b2
 	    must be fixed manually.
4fb1b2
 	  </para>
4fb1b2
 	  <para>
4fb1b2
+	    The change of the user ownership of files inside of the user's
4fb1b2
+	    home directory is also not done if the home dir owner uid is
4fb1b2
+	    different from the current or new user id. This is safety measure
4fb1b2
+	    for special home directories such as <filename>/</filename>.
4fb1b2
+	  </para>
4fb1b2
+	  <para>
4fb1b2
 	    No checks will be performed with regard to the
4fb1b2
 	    <option>UID_MIN</option>, <option>UID_MAX</option>,
4fb1b2
 	    <option>SYS_UID_MIN</option>, or <option>SYS_UID_MAX</option>
4fb1b2
diff -up shadow-4.6/src/usermod.c.chgrp-guard shadow-4.6/src/usermod.c
4fb1b2
--- shadow-4.6/src/usermod.c.chgrp-guard	2018-12-18 15:24:12.286181249 +0100
4fb1b2
+++ shadow-4.6/src/usermod.c	2018-12-18 15:26:51.227841435 +0100
4fb1b2
@@ -2336,7 +2336,10 @@ int main (int argc, char **argv)
4fb1b2
 	}
4fb1b2
 
4fb1b2
 	if (!mflg && (uflg || gflg)) {
4fb1b2
-		if (access (dflg ? prefix_user_newhome : prefix_user_home, F_OK) == 0) {
4fb1b2
+		struct stat sb;
4fb1b2
+
4fb1b2
+		if (stat (dflg ? prefix_user_newhome : prefix_user_home, &sb) == 0 &&
4fb1b2
+			((uflg && sb.st_uid == user_newid) || sb.st_uid == user_id)) {
4fb1b2
 			/*
4fb1b2
 			 * Change the UID on all of the files owned by
4fb1b2
 			 * `user_id' to `user_newid' in the user's home
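Review bot: When the new owner test in `if (stat (...) == 0 && ((uflg && sb.st_uid == user_newid) || sb.st_uid == user_id))` fails, nothing visible in the hunk tells the administrator that the ownership change was skipped. After `usermod -u` the files would keep the old UID, and if that UID is later given to another account, that account would own them. I would split the test so that a successful `stat` with a mismatched owner prints a diagnostic in the file's usual style, for example `fprintf (stderr, _("%s: home directory owner differs, file ownership not changed\n"), Prog);`, and keep the missing-directory case silent as before. Separately, `stat` follows symlinks and checks the path rather than an open descriptor, so the owner it reports may not be the object that the later tree walk visits. That walk is outside the hunk, so confirm how it resolves the path, and consider `lstat` plus an `S_ISDIR (sb.st_mode)` check if symlinked homes need not be supported.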