From f0012c21628c5aa58a0e806c2c7e5314420ee62e Mon Sep 17 00:00:00 2001
From: Lucas CHOLLET
Date: Sun, 24 Jul 2022 13:18:07 +0200
Subject: [PATCH] SystemServer: Create accounts with `Account::Read::PasswdOnly`

This prevents non-root instances of SystemServer to try to open `/etc/shadow`.
---
 Userland/Services/SystemServer/Service.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Userland/Services/SystemServer/Service.cpp b/Userland/Services/SystemServer/Service.cpp
index 980ab04ed4..2f8d6f57be 100644
--- a/Userland/Services/SystemServer/Service.cpp
+++ b/Userland/Services/SystemServer/Service.cpp
@@ -299,7 +299,7 @@ Service::Service(Core::ConfigFile const& config, StringView name)
 m_user = config.read_entry(name, "User");
 if (!m_user.is_null()) {
- auto result = Core::Account::from_name(m_user.characters());
+ auto result = Core::Account::from_name(m_user.characters(), Core::Account::Read::PasswdOnly);
 if (result.is_error())
 warnln("Failed to resolve user {}: {}", m_user, result.error());
 else
@@ -417,7 +417,7 @@ ErrorOr Service::determine_account(int fd)
 auto const directory_name = String::formatted("/proc/{}/", creds.pid);
 auto const stat = TRY(Core::System::stat(directory_name));
- m_account = TRY(Core::Account::from_uid(stat.st_uid));
+ m_account = TRY(Core::Account::from_uid(stat.st_uid, Core::Account::Read::PasswdOnly));
 return {};
 }
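Review bot: A failed lookup of the configured `User` is only logged by the `warnln` in the `if (result.is_error())` branch, so the constructor carries on with `m_account` presumably left unset. If the spawn path (outside this hunk) drops privileges only when an account is present, a service whose user cannot be resolved would start with SystemServer's own identity, which is the unsafe direction for the root instance. Consider recording the failure so the service is refused at spawn time, or at least state the intended behaviour next to the branch, e.g. `// A service with an unresolvable User must never be spawned with SystemServer's credentials.` The constructor body starts and ends outside the hunk, so the `else` branch and the spawn logic could not be checked here.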
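Review bot: The uid handed to `Core::Account::from_uid` is taken from `stat` on `/proc/{pid}/`, so it describes whichever process owns that pid at the moment of the `stat` call, which is not guaranteed to be the peer connected on `fd` if the pid is recycled in between. `creds` is filled in above the hunk; if it holds the socket's peer credentials and already carries a uid, `m_account = TRY(Core::Account::from_uid(creds.uid, Core::Account::Read::PasswdOnly));` would remove both the extra lookup and that window. If the /proc lookup is deliberate, a one-line comment explaining why the peer uid is not used directly would help. The function starts outside the hunk.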