[file permission] explicitly set file permission on passwd, group, shadow (#3652)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-10-22 19:02:08 -07:00 · 2019-10-22 19:02:08 -07:00 · 9fb1860425
commit 9fb1860425
parent a0fbeeaca5
1 changed files with 7 additions and 0 deletions
--- a/build_debian.sh
+++ b/build_debian.sh
@ -282,6 +282,13 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
    mcelog
 fi

+## Set /etc/shadow permissions to -rw-------.
+sudo LANG=c chroot $FILESYSTEM_ROOT chmod 600 /etc/shadow
+
+## Set /etc/passwd, /etc/group permissions to -rw-r--r--.
+sudo LANG=c chroot $FILESYSTEM_ROOT chmod 644 /etc/passwd
+sudo LANG=c chroot $FILESYSTEM_ROOT chmod 644 /etc/group
+
 #Adds a locale to a debian system in non-interactive mode
 sudo sed -i '/^#.* en_US.* /s/^#//' $FILESYSTEM_ROOT/etc/locale.gen && \
    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT locale-gen "en_US.UTF-8"