Bug 1318390

Summary:	opendkim will not start, claims no user/group
Product:	[Fedora] Fedora	Reporter:	Doug Maxey <bz>
Component:	opendkim	Assignee:	Steve Jenkins <steve>
Status:	CLOSED NOTABUG	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	23	CC:	bz, steve
Target Milestone:	---
Target Release:	---
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-03-29 16:38:45 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Doug Maxey 2016-03-16 18:03:21 UTC

Description of problem:
opendkim is in use at this site.  on the server running it, claim is made that there is no 'opendkim' user even though present in the /etc/passwd, /etc/group files.

Version-Release number of selected component (if applicable):
opendkim-2.10.3-3.fc23.x86_64
sendmail-8.15.2-2.fc23.x86_64
systemd-222-14.fc23.x86_64


How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Looked for AVCs, don't see any related.

systemctl start opendkim.service
============================================================
/var/log/messages:
Mar 16 12:49:20 myhost audit: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=opendkim comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Mar 16 12:49:20 myhost systemd: opendkim.service: Control process exited, code=exited status=65
Mar 16 12:49:20 myhost systemd: Failed to start DomainKeys Identified Mail (DKIM) Milter.
Mar 16 12:49:20 myhost systemd: opendkim.service: Unit entered failed state.
Mar 16 12:49:20 myhost systemd: opendkim.service: Failed with result 'exit-code'.
Mar 16 12:49:20 myhost opendkim: opendkim: no such group 'opendkim'
============================================================

journalctl -xe
Mar 16 12:49:20 myhost.mydom.com polkitd[804]: Registered Authentication Agent for unix-process:20511:33279429 (syste
Mar 16 12:49:20 myhost.mydom.com opendkim[20517]: no such group or gid 'opendkim'
Mar 16 12:49:20 myhost.mydom.com systemd[1]: Starting DomainKeys Identified Mail (DKIM) Milter...
-- Subject: Unit opendkim.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit opendkim.service has begun starting up.
Mar 16 12:49:20 myhost.mydom.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:sys
Mar 16 12:49:20 myhost.mydom.com polkitd[804]: Unregistered Authentication Agent for unix-process:20511:33279429 (sys
Mar 16 12:49:20 myhost.mydom.com systemd[1]: opendkim.service: Control process exited, code=exited status=65
Mar 16 12:49:20 myhost.mydom.com systemd[1]: Failed to start DomainKeys Identified Mail (DKIM) Milter.
-- Subject: Unit opendkim.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit opendkim.service has failed.
-- 
-- The result is failed.
Mar 16 12:49:20 myhost.mydom.com systemd[1]: opendkim.service: Unit entered failed state.
Mar 16 12:49:20 myhost.mydom.com systemd[1]: opendkim.service: Failed with result 'exit-code'.
Mar 16 12:49:20 myhost.mydom.com opendkim[20517]: opendkim: no such group 'opendkim'
============================================================

grep opendkim /etc/{group,passwd}
/etc/group:mail:x:12:opendkim
/etc/group:opendkim:x:989:
/etc/passwd:opendkim:x:989:989:OpenDKIM Milter:/var/run/opendkim:/sbin/nologin

Comment 1 Doug Maxey 2016-03-18 17:58:31 UTC

runs fine from the command line.  

Maybe a context problem?

Comment 2 Doug Maxey 2016-03-29 16:38:45 UTC

Hm.  Even more basic than that.  /etc/group* became root access only.  Oh well.