projects / manu / libnss-mysql-bg.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow non root processes to authenticate users based on the shadow group
[manu/libnss-mysql-bg.git] / debian / libnss-mysql-bg.postinst
diff --git a/debian/libnss-mysql-bg.postinst b/debian/libnss-mysql-bg.postinst
index f78ffd1..d0e4df5 100644 (file)
--- a/debian/libnss-mysql-bg.postinst
+++ b/debian/libnss-mysql-bg.postinst
@@ -20,8 +20,12 @@ set -e
 case "$1" in
     configure)
 
-    # Make sur /etc/libnss-mysql-root.cfg isn't world/group readable
-    [ -f /etc/libnss-mysql-root.cfg ] && chmod 0600 /etc/libnss-mysql-root.cfg
+    # Make sur /etc/libnss-mysql-root.cfg is only root:shadow readable
+    if [ -f /etc/libnss-mysql-root.cfg ]
+    then
+        chmod 0640 /etc/libnss-mysql-root.cfg
+        chown root:shadow /etc/libnss-mysql-root.cfg
+    fi
 
     ;;
 
libnss-mysql-bg Debian package