Bug 187682 - tclhttpd fails to create user during install
tclhttpd fails to create user during install
Product: Fedora
Classification: Fedora
Component: tclhttpd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Wart
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2006-04-02 12:56 EDT by Wart
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-04-02 16:34:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Wart 2006-04-02 12:56:55 EDT
Description of problem:
tclhttpd runs as a special 'tclhttpd' user to minimize the risk of privilege
escalation attacks.  The installation of tclhttpd in FC-5 fails to create the
tclhttpd user, causing the entire install to abort.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Perform a fresh install of FC-5
2. yum install tclhttpd
Actual results:
tclhttpd fails with the error message:
Running Transaction
useradd: cannot create directory /var/www/tclhttpd
Tue Mar 28 15:38:13 PST 2006 [28662]: failed with '12'
error: %pre(tclhttpd-3.5.1-10.fc5.i386) scriptlet failed, exit status 12
error:   install: %pre scriptlet failed (2), skipping tclhttpd-3.5.1-10.fc5

Installed: tclhttpd.i386 0:3.5.1-10.fc5

Expected results:
tclhttpd installs with no errors

Additional info:
Turning off selinux fixes the problem.  It seems that the useradd fails because
the user's home directory /var/www/tclhttpd is created by the package with a
certain security context, and useradd tries to create it again with a new
security context.  The fix is simple:  use 'useradd -M' to prevent the creation
of the directory.
Comment 1 Wart 2006-04-02 16:34:10 EDT
Fix committed and built in release -11.

Note You need to log in before you can comment on or make changes to this bug.