Red Hat Bugzilla – Bug 438665
Contains files owned by buildsystem
Last modified: 2008-05-18 13:51:03 EDT
Description of problem:
| $ rpm -qlpv /tmp/freeradius-2.0.2-2.fc9.i386.rpm
| drwxr-x--- 2 mockbuilradiusd 0 Mar 18 18:17 /etc/raddb
| drwxr-x--- 2 mockbuilradiusd 0 Mar 18 18:17 /etc/raddb/certs
This can become a security problem when 'mockbuild' user exists in the system.
It is caused by
Version-Release number of selected component (if applicable):
Thank you Enrico for reporting this, I'll fix it immediately.
The new 2.x version of FreeRADIUS had a lot of changes and although I "ported"
the spec file to upgrade to the new version I never had a chance to actually
test the result and carefully go over it, something I wanted to do before
building it into rawhide. In the interim someone else did build it into rawhide
which I was surprised by. So, I'm wondering, have you exercised the package and
if so do you have any other feedback?
I like the new packaging concept as it helps to slim down dependencies.
After first installation (of only the base package), I got an error due
to a missing database (mysql???) configuration file which is included
by the default configuration but shipped in a subpackage.
Then, I dislike the 'Requires: net-snmp net-snmp-utils' because it
adds an heavy dependency tree (perl).
Some other notes:
* '%files utils' is missing %defattr()
* are all the explicit
| Requires: krb5-libs
| Requires: python-libs
| Requires: perl-libs
really needed? Usually, they are deprecated as rpm generates them
| Requires: mysql
| Requires: openldap
really needed? These packages contain management utilities for the
databases, but freeradius needs only the libs (afais)
* to prevent version mix between the various subpackages, I would add
| Requires: %name-libs = %version-%release
to (all?) subpackages.
* I would write
| BuildRequires: /usr/bin/perlcc
| BuildRequires: perl-devel
to make it build both on e.g. RHEL5 and F8+
* CVS tree needs some cleanup of old patches
*** Bug 442696 has been marked as a duplicate of this bug. ***
I incorporated several of your suggestions, thank you. At the same time the
package was upgraded to the current 2.0.3 upstream. MySQL, Postgresql, & LDAP
were further factored out in the dialup-admin package.
*** Bug 446597 has been marked as a duplicate of this bug. ***
freeradius-2.0.3-2.fc9 has been submitted as an update for Fedora 9
freeradius-2.0.3-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
I would say that the problem still persist - only slightly changed. Please reopen.
[root@localhost ~]# rpm -ihv freeradius-2.0.3-3.fc9.i386.rpm
Preparing... ########################################### [100%]
1:freeradius warning: group radiusd does not exist - using root
warning: user radiusd does not exist - using root
warning: group radiusd does not exist - using root
/bin/chown: invalid user: `radiusd.radiusd'
I can see that preinstall says to create the radiusd user and group, and if it
worked I assume that the problem would be solved. If the user and group exists
before installing then it will succeed.
User creation in preinstall has been totally muted with "> /dev/null 2>&1 || :",
so I can't see how/why it failed - or if it was run at all. I would say that
user creation shouldn't be muted; I wan't to know when something goes wrong. And
useradd is quiet on success. The packaging guidelines might however say
Another explanation could be that rpm for some reason doesn't run the preinstall