Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 594395 - wrong users and groups creation in spec file
Summary: wrong users and groups creation in spec file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: httpd
Version: 6.0
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Joe Orton
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks: 593683
TreeView+ depends on / blocked
 
Reported: 2010-05-20 14:54 UTC by Peter Vrabec
Modified: 2010-11-10 20:38 UTC (History)
2 users (show)

Fixed In Version: httpd-2.2.15-3.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-11-10 20:38:50 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Peter Vrabec 2010-05-20 14:54:57 UTC
Description of problem:
Please fix user/group creation in your spec file[1]. There were problems when
(UID != GID) && (UID<200) [2]. For example:
tryitd:x:194:482:TryIt:/:/sbin/nologin

Problem was caused by change/fix of shadow-utis behaviour. useradd does not
create group with same GID as user's UID for IDs < 200 (static/reserved) unless
it's done this way:

getent group qemu >/dev/null || groupadd -g 107 -r qemu
getent passwd qemu >/dev/null || \
  useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
    -c "qemu user" qemu


This issue should be fixed as soon as possible. Note, it can't be resolved by
any update once we have RHEL6 GA. Please fix it in Fedora too. thnx.

--------
[1] https://fedoraproject.org/wiki/Packaging:UsersAndGroups 
[2] https://bugzilla.redhat.com/show_bug.cgi?id=593683

Comment 3 Ondrej Moriš 2010-07-21 10:45:48 UTC
Successfully verified on RHEL6.0-20100707.4:

$ diff httpd.spec (httpd-2.2.15-2) http.spec (httpd-2.2.15-3

10c10
< Release: 2%{?dist}
---
> Release: 3%{?dist}
360,361c360,364
< /usr/sbin/useradd -c "Apache" -u 48 \
< 	-s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || :
---
> getent group apache >/dev/null || groupadd -g 48 -r apache
> getent passwd apache >/dev/null || \
>   useradd -r -u 48 -g apache -s /sbin/nologin \
>     -d %{contentdir} -c "Apache" apache
> exit 0
506a510,514
> * Tue May 25 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
> - add "Satisfy All" for .htaccess in httpd.conf (#594981)
> - adjust user/group creation in %%pre (#594395)
> - mod_ssl: tweak OID() evaluation of unknown exts (#594980)
> 

Build via rpmbuild is correct and both user and group are created with uid = gid:

$ getent passwd apache ; getent group apache

apache:x:48:48:Apache:/var/www:/sbin/nologin
apache:x:48:

Comment 4 releng-rhel@redhat.com 2010-11-10 20:38:50 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.