Attached is a patch for doing this.
This is highly Debian-specific, as I hardcoded the GID of the "shadow"
group. There are maybe cleaner ways to do this.
--
--- lib/commonio.c~ 2005-10-11 23:22:22.476195984 +0200
+++ lib/commonio.c 2005-10-11 23:32:55.476598445 +0200
@@ -673,9 +673,9 @@
* Default permissions for new [g]shadow files.
* (passwd and group always exist...)
*/
- sb.st_mode = 0400;
+ sb.st_mode = 0440;
sb.st_uid = 0;
- sb.st_gid = 0;
+ sb.st_gid = 42;
}
snprintf (buf, sizeof buf, "%s+", db->filename);
