summaryrefslogtreecommitdiff
path: root/modules/pam_faillock/faillock.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_faillock/faillock.c')
-rw-r--r--modules/pam_faillock/faillock.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/modules/pam_faillock/faillock.c b/modules/pam_faillock/faillock.c
index e492f5f9..091f253a 100644
--- a/modules/pam_faillock/faillock.c
+++ b/modules/pam_faillock/faillock.c
@@ -74,9 +74,12 @@ open_tally (const char *dir, const char *user, uid_t uid, int create)
if (create) {
flags |= O_CREAT;
+ if (access(dir, F_OK) != 0) {
+ mkdir(dir, 0755);
+ }
}
- fd = open(path, flags, 0600);
+ fd = open(path, flags, 0660);
free(path);
@@ -88,6 +91,18 @@ open_tally (const char *dir, const char *user, uid_t uid, int create)
if (st.st_uid != uid) {
ignore_return(fchown(fd, uid, -1));
}
+
+ /*
+ * If umask is set to 022, as will probably in most systems, then the
+ * group will not be able to write to the file. So, change the file
+ * permissions just in case.
+ * Note: owners of this file are user:root, so if the permissions are
+ * not changed the root process writing to this file will require
+ * CAP_DAC_OVERRIDE.
+ */
+ if (!(st.st_mode & S_IWGRP)) {
+ ignore_return(fchmod(fd, 0660));
+ }
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-24 05:37:54 +0000