Comment 4 for bug 26175

Looking at /sbin/unix_chkpwd I noticed that is set-gid shadow, but the
/etc/shadow file had permissions that meant it could only be read by root:

-rwxr-sr-x 1 root shadow 14988 2005-09-12 19:12 /sbin/unix_chkpwd
-rw-r----- 1 root root 926 2005-12-16 22:07 /etc/shadow

I chowned /etc/shadow to be root:shadow, and now kcheckpass works properly
without having to be set-uid root. I'm not 100% sure if this change of group on
/etc/shadow has other implications, but it seems reasonable for it to be like this.

So now I have:
-rw-r----- 1 root shadow 926 2005-12-16 22:07 /etc/shadow
-rwxr-sr-x 1 root shadow 14988 2005-09-12 19:12 /sbin/unix_chkpwd
-rwxr-xr-x 1 root root 10048 2005-11-04 00:59 /usr/bin/kcheckpass

The only difference from the default install here is the group of the
/etc/shadow file. I think the installer is the culprit (I'm fairly sure I
didn't change it, unless the KDE user tools have done something without telling
me).