Bug 1288757
Summary: | apache group not created if USERGROUPS_ENAB is 'no' | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Stefany <martin> | ||||
Component: | httpd | Assignee: | Luboš Uhliarik <luhliari> | ||||
Status: | CLOSED ERRATA | QA Contact: | Martin Frodl <mfrodl> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 7.2 | CC: | gandavar, isenfeld, jayabharat, jkaluza, jorton, martin, mfrodl, rbost | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | httpd-2.4.6-41 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 1480452 (view as bug list) | Environment: | |||||
Last Closed: | 2016-11-04 08:09:54 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1480452 | ||||||
Attachments: |
|
Thanks for the report. If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution. It happens in RHEL 6.7 too.. https://paste.fedoraproject.org/436041/raw/ (In reply to deadrat from comment #7) > It happens in RHEL 6.7 too.. > > > https://paste.fedoraproject.org/436041/raw/ This seems to be a different problem. Judging from the yum output, > Installing : apr-1.3.9-5.el6_2.x86_64 1/5 > Installing : apr-util-1.3.9-3.el6_0.1.x86_64 2/5 > Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 3/5 > Installing : httpd-tools-2.2.15-54.el6_8.x86_64 4/5 > groupadd: failure while writing changes to /etc/group > useradd: group 'apache' does not exist > Installing : httpd-2.2.15-54.el6_8.x86_64 5/5 the 'groupadd' command (which *is* apparently being called, as opposed to RHEL-7.2 httpd) is having troubles writing to /etc/group. I am guessing this might have to do with the file's SELinux context, file attributes or even the mount options of the /etc filesystem (if it is mounted). The httpd preinstall scriptlet does everything it should: # rpm -q --scripts httpd preinstall scriptlet (using /bin/sh): # Add the "apache" user getent group apache >/dev/null || groupadd -g 48 -r apache getent passwd apache >/dev/null || \ useradd -r -u 48 -g apache -s /sbin/nologin \ -d /var/www -c "Apache" apache exit 0 ...
> This seems to be a different problem. Judging from the yum output,
You are right. Sorry for not checking that.
I am having some other issue. I am facing issues in adding a user itself.
# useradd test
useradd: failure while writing changes to /etc/passwd`
To add a user and group, I have to edit those /etc/passwd & group file now.
Thanks for pointing it out.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2534.html |
Created attachment 1102600 [details] proposed update to httpd.spec Description of problem: When installing httpd on any RHEL6.x, RHEL7.x or Fedora product, and USERGROUPS_ENAB is set to 'no', group apache is not created properly, throwing warnings during installation of package and causing later problems with daemon and apps. Version-Release number of selected component (if applicable): httpd-2.4.17-3.fc23.x86_64, or httpd-2.4.6-31.el7.x86_64, or any before (afaik) How reproducible: always Steps to Reproduce: 1. sed -i -e 's/USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs 2. dnf install httpd Last metadata expiration check performed 0:00:37 ago on Sat Dec 5 21:47:44 2015. Dependencies resolved. ============================================================================================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================================================================================= Installing: httpd x86_64 2.4.17-3.fc23 updates 1.3 M httpd-filesystem noarch 2.4.17-3.fc23 updates 25 k httpd-tools x86_64 2.4.17-3.fc23 updates 88 k Transaction Summary ============================================================================================================================================================================================================================================= Install 3 Packages Total download size: 1.4 M Installed size: 6.1 M Is this ok [y/N]: y Downloading Packages: (1/3): httpd-filesystem-2.4.17-3.fc23.noarch.rpm 273 kB/s | 25 kB 00:00 (2/3): httpd-tools-2.4.17-3.fc23.x86_64.rpm 467 kB/s | 88 kB 00:00 (3/3): httpd-2.4.17-3.fc23.x86_64.rpm 1.1 MB/s | 1.3 MB 00:01 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 724 kB/s | 1.4 MB 00:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Installing : httpd-tools-2.4.17-3.fc23.x86_64 1/3 Installing : httpd-filesystem-2.4.17-3.fc23.noarch 2/3 Installing : httpd-2.4.17-3.fc23.x86_64 3/3 warning: group apache does not exist - using root warning: group apache does not exist - using root warning: group apache does not exist - using root warning: group apache does not exist - using root warning: group apache does not exist - using root warning: group apache does not exist - using root Verifying : httpd-2.4.17-3.fc23.x86_64 1/3 Verifying : httpd-filesystem-2.4.17-3.fc23.noarch 2/3 Verifying : httpd-tools-2.4.17-3.fc23.x86_64 3/3 Installed: httpd.x86_64 2.4.17-3.fc23 httpd-filesystem.noarch 2.4.17-3.fc23 httpd-tools.x86_64 2.4.17-3.fc23 Complete! Actual results: $ id apache uid=48(apache) gid=100(users) groups=100(users) Expected results: $ id apache uid=48(apache) gid=48(apache) groups=48(apache) Additional info: I'm aware that setting USERGROUPS_ENAB to 'no' is a bit non-standard, but... I've reviewed .spec file in httpd source package and replacing: %pre # Add the "apache" user /usr/sbin/useradd -c "Apache" -u 48 \ -s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || : with: %pre # Add the "apache" user /usr/sbin/useradd -c "Apache" -u 48 -U \ -s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || : as hinted by 'man useradd' should fix this easily.