diff options
Diffstat (limited to 'usr.sbin/pw/pw_user.c')
| -rw-r--r-- | usr.sbin/pw/pw_user.c | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index d9fd8c77c13e..413eac4882cc 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -86,10 +86,13 @@ mkdir_home_parents(int dfd, const char *dir) { struct stat st; char *dirs, *tmp; + mode_t pumask; + + pumask = umask(0); + umask(pumask); if (*dir != '/') errx(EX_DATAERR, "invalid base directory for home '%s'", dir); - dir++; if (fstatat(dfd, dir, &st, 0) != -1) { @@ -115,7 +118,14 @@ mkdir_home_parents(int dfd, const char *dir) *tmp = '\0'; if (fstatat(dfd, dirs, &st, 0) == -1) { if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1) - err(EX_OSFILE, "'%s' (home parent) is not a directory", dirs); + err(EX_OSFILE, + "'%s' (home parent) is not a directory", + dirs); + if (fchownat(dfd, dirs, 0, 0, 0) != 0) + warn("chown(%s)", dirs); + metalog_emit(dir, + (_DEF_DIRMODE | S_IFDIR) & ~pumask, 0, 0, + 0); } *tmp = '/'; } @@ -123,7 +133,9 @@ mkdir_home_parents(int dfd, const char *dir) if (fstatat(dfd, dirs, &st, 0) == -1) { if (mkdirat(dfd, dirs, _DEF_DIRMODE) == -1) err(EX_OSFILE, "'%s' (home parent) is not a directory", dirs); - fchownat(dfd, dirs, 0, 0, 0); + if (fchownat(dfd, dirs, 0, 0, 0) != 0) + warn("chown(%s)", dirs); + metalog_emit(dirs, (_DEF_DIRMODE | S_IFDIR) & ~pumask, 0, 0, 0); } free(dirs); @@ -238,6 +250,13 @@ perform_chgpwent(const char *name, struct passwd *pwd, char *nispasswd) } } +static void +pw_check_root(void) +{ + if (!conf.altroot && geteuid() != 0) + errx(EX_NOPERM, "you must be root"); +} + /* * The M_LOCK and M_UNLOCK functions simply add or remove * a "*LOCKED*" prefix from in front of the password to @@ -256,8 +275,7 @@ pw_userlock(char *arg1, int mode) bool locked = false; uid_t id = (uid_t)-1; - if (geteuid() != 0) - errx(EX_NOPERM, "you must be root"); + pw_check_root(); if (arg1 == NULL) errx(EX_DATAERR, "username or id required"); @@ -1324,8 +1342,8 @@ pw_user_add(int argc, char **argv, char *arg1) if (argc > 0) usage(); - if (geteuid() != 0 && ! dryrun) - errx(EX_NOPERM, "you must be root"); + if (!dryrun) + pw_check_root(); if (quiet) freopen(_PATH_DEVNULL, "w", stderr); @@ -1641,8 +1659,8 @@ pw_user_mod(int argc, char **argv, char *arg1) if (argc > 0) usage(); - if (geteuid() != 0 && ! dryrun) - errx(EX_NOPERM, "you must be root"); + if (!dryrun) + pw_check_root(); if (quiet) freopen(_PATH_DEVNULL, "w", stderr); |