Bug 2476417

Summary: RPM macro file for passwd/group paths no longer needed (and harmful)
Product: [Fedora] Fedora Reporter: Michal Domonkos <mdomonko>
Component: nss-altfilesAssignee: Colin Walters <walters>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 44CC: andre.bitzer, coreos-sig, mattdm, tiago.bueno, travier, walters
Target Milestone: ---Flags: fedora-admin-xmlrpc: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Domonkos 2026-05-12 09:48:46 UTC
RPM 6.1.0 [*] will do NSS lookups again by default, and so the following commit should no longer be needed (or desired, really):

commit fd9d7e81367ddfd4c619d5ffbe9dd981f2a71823 (HEAD -> rawhide, origin/rawhide, origin/main, origin/f44, origin/HEAD)
Author: Joseph Marrero Corchado <jmarrero>
Date:   Mon Feb 16 16:01:02 2026 -0500

    Add RPM macros to configure %%_passwd_path and %%_group_path
    
    Fixes user/group lookup for packages with non-root file ownership
    See: https://github.com/rpm-software-management/rpm/pull/3672

The issue with this commit is two-fold:

1. It points RPM to a possibly non-existent /usr/lib/passwd or /usr/lib/group file (it will print an error)
2. It effectively enables the altfiles NSS module regardless of whether it's actually configured in the /etc/nsswitch.conf file or not

FWIW, there's a pending RHEL backport (https://redhat.atlassian.net/browse/RHEL-140819) where I've also commented.

Reproducible: Always

Steps to Reproduce:
1. dnf install nss-altfiles
2. dnf install nginx-core
Actual Results:
[...]
error: failed to open /usr/lib/passwd for id/name lookup: No such file or directory
[...]

Expected Results:
No error. The alternate passwd/group file shouldn't be consulted here if it's non-existent.

[*] https://fedoraproject.org/wiki/Changes/RPM-6.1