Bug 187682 - tclhttpd fails to create user during install
Summary: tclhttpd fails to create user during install
Alias: None
Product: Fedora
Classification: Fedora
Component: tclhttpd   
(Show other bugs)
Version: 5
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Wart
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2006-04-02 16:56 UTC by Wart
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-04-02 20:34:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Wart 2006-04-02 16:56:55 UTC
Description of problem:
tclhttpd runs as a special 'tclhttpd' user to minimize the risk of privilege
escalation attacks.  The installation of tclhttpd in FC-5 fails to create the
tclhttpd user, causing the entire install to abort.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Perform a fresh install of FC-5
2. yum install tclhttpd
Actual results:
tclhttpd fails with the error message:
Running Transaction
useradd: cannot create directory /var/www/tclhttpd
Tue Mar 28 15:38:13 PST 2006 [28662]: failed with '12'
error: %pre(tclhttpd-3.5.1-10.fc5.i386) scriptlet failed, exit status 12
error:   install: %pre scriptlet failed (2), skipping tclhttpd-3.5.1-10.fc5

Installed: tclhttpd.i386 0:3.5.1-10.fc5

Expected results:
tclhttpd installs with no errors

Additional info:
Turning off selinux fixes the problem.  It seems that the useradd fails because
the user's home directory /var/www/tclhttpd is created by the package with a
certain security context, and useradd tries to create it again with a new
security context.  The fix is simple:  use 'useradd -M' to prevent the creation
of the directory.

Comment 1 Wart 2006-04-02 20:34:10 UTC
Fix committed and built in release -11.

Note You need to log in before you can comment on or make changes to this bug.