Bug 511876

hi Steve,
There's one related bug 708918 filed now and the bug is blocked for testing, pls resolve the regression ASAP, thanks.

*** Bug 708918 has been marked as a duplicate of this bug. ***

hi Steve,
I could reproduce the problem like comment #4, indeed nfsnobody user has not been created when RHEL5.7 has been installed.
Since nfsnobody group is created before, so useradd failed, and add '-g' option into useradd line could fix the issue:
# grep nfsnobody /etc/passwd /etc/group
/etc/group:nfsnobody:x:65534:
# /usr/sbin/useradd -l -c "Anonymous NFS User" -r -s /sbin/nologin -u 65534 -d
/var/lib/nfs nfsnobody 
useradd: group nfsnobody exists - if you want to add this user to that group,
use -g.

For your test steps, since you remove the nfs-utils package first, the nfsnobody user and group gone, so you can't reproduce the problem. Pls use Masayoshi Yamazaki test steps to reproduce, and the fix is easy.

pls check comment #9

(In reply to comment #9)
> hi Steve,
> I could reproduce the problem like comment #4, indeed nfsnobody user has not
> been created when RHEL5.7 has been installed.
> Since nfsnobody group is created before, so useradd failed, and add '-g' option
> into useradd line could fix the issue:
> # grep nfsnobody /etc/passwd /etc/group
> /etc/group:nfsnobody:x:65534:
> # /usr/sbin/useradd -l -c "Anonymous NFS User" -r -s /sbin/nologin -u 65534 -d
> /var/lib/nfs nfsnobody 
> useradd: group nfsnobody exists - if you want to add this user to that group,
> use -g.
> 
> For your test steps, since you remove the nfs-utils package first, the
> nfsnobody user and group gone, so you can't reproduce the problem. Pls use
> Masayoshi Yamazaki test steps to reproduce, and the fix is easy.
Yes I did remove the package which indeed removed the nfsnobody user.
But, I added back nfsnobody with the useradd command and then I
reinstall the package with out error...

(In reply to comment #12)
> (In reply to comment #9)
> > hi Steve,
> > I could reproduce the problem like comment #4, indeed nfsnobody user has not
> > been created when RHEL5.7 has been installed.
> > Since nfsnobody group is created before, so useradd failed, and add '-g' option
> > into useradd line could fix the issue:
> > # grep nfsnobody /etc/passwd /etc/group
> > /etc/group:nfsnobody:x:65534:
> > # /usr/sbin/useradd -l -c "Anonymous NFS User" -r -s /sbin/nologin -u 65534 -d
> > /var/lib/nfs nfsnobody 
> > useradd: group nfsnobody exists - if you want to add this user to that group,
> > use -g.
> > 
> > For your test steps, since you remove the nfs-utils package first, the
> > nfsnobody user and group gone, so you can't reproduce the problem. Pls use
> > Masayoshi Yamazaki test steps to reproduce, and the fix is easy.
> Yes I did remove the package which indeed removed the nfsnobody user.
> But, I added back nfsnobody with the useradd command and then I
> reinstall the package with out error...

hi, the reason why you can not reproduce the problem is that you added back
nfsnobody using the useradd command which would create nfsnobody group default
at the same time, so it's not the scenario described in comment #4:
Here is a part of postinstall of nfs-utils-1.0.9-52.el5:
----------------------------------------------------------------------
# Create nfsnobody gid as long as it does not already exist.
cat /etc/group | cut -d':' -f 1 | grep --quiet nfsnobody 2>/dev/null
if [ "$?" -eq 1 ]; then
    /usr/sbin/groupadd -g 65534 nfsnobody 2>/dev/null || :
else
    /usr/sbin/groupmod -g 65534 nfsnobody 2>/dev/null || :
fi

# Create nfsnobody uid as long as it does not already exist.
cat /etc/passwd | cut -d':' -f 1 | grep --quiet nfsnobody 2>/dev/null
if [ "$?" -eq 1 ]; then
        /usr/sbin/useradd -l -c "Anonymous NFS User" -r \
                -s /sbin/nologin -u 65534 -d /var/lib/nfs nfsnobody 2>/dev/null
|| :
else
        /usr/sbin/usermod -u 65534 nfsnobody 2>/dev/null || :
fi
----------------------------------------------------------------------------

In usually case, nfsnobody group is created on the above script. However, if
nfsnobody group exists, useradd on the above will fail if without -g option.
----------------------------------------------------------------------------

If you reserve a RHEL5.7 server from beaker and you will find nfsnobody user is
not existent when you login:
      Beaker Test information:
                         HOSTNAME=sun-x4200-01.rhts.eng.bos.redhat.com
                            JOBID=99944
                         RECIPEID=203569
                    RESULT_SERVER=127.0.0.1:7092
                           DISTRO=RHEL5.7-Server-20110615.0
                     ARCHITECTURE=i386
**  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **
[root@sun-x4200-01 ~]# id nfsnobody
id: nfsnobody: No such user
[root@sun-x4200-01 ~]# grep nfsnobody /etc/passwd /etc/group
/etc/group:nfsnobody:x:65534:

verified against nfs-utils-1.0.9-54.el5 on i386 and x86_64:
[root@intel-sugarbay-DH-02 ~]# rpm -Uvh nfs-utils-1.0.9-54.el5.i386.rpm 
Preparing...                ########################################### [100%]
   1:nfs-utils              ########################################### [100%]
[root@intel-sugarbay-DH-02 ~]# id nfsnobody
uid=65534(nfsnobody) gid=65534(nfsnobody) groups=65534(nfsnobody) context=root:system_r:unconfined_t:SystemLow-SystemHigh

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1048.html

It looks like this patch changed the GID for nfsnobody to 65534 but didn't change the default group for the nfsnobody user:

# grep nfsnobody /etc/passwd
nfsnobody:x:65534:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin

# grep nfsnobody /etc/group
nfsnobody:x:65534:

Notice that nfsnobody belongs to a non-existent group.

Elliott is right, the updated package results in a mess.
I guess the correct fix would be:

- /usr/sbin/usermod -u 65534 nfsnobody 2>/dev/null || :
+ /usr/sbin/usermod -g nfsnobody -u 65534 nfsnobody 2>/dev/null || :

Simon

(In reply to comment #22)
> Elliott is right, the updated package results in a mess.
> I guess the correct fix would be:
> 
> - /usr/sbin/usermod -u 65534 nfsnobody 2>/dev/null || :
> + /usr/sbin/usermod -g nfsnobody -u 65534 nfsnobody 2>/dev/null || :
> 
> Simon

pls file a bug for rhel5.8? developer may deal with it in rhel5.8.

confirm the issue isn't existent in RHEL5.7 package:
      Beaker Test information:
                         HOSTNAME=intel-chiefriver-02.lab.bos.redhat.com
                            JOBID=144592
                         RECIPEID=300704
                    RESULT_SERVER=127.0.0.1:7086
                           DISTRO=RHEL5-Server-U7
                     ARCHITECTURE=x86_64
**  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **
[root@intel-chiefriver-02 ~]# id nfsnobody
uid=65534(nfsnobody) gid=65534(nfsnobody) groups=65534(nfsnobody) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@intel-chiefriver-02 ~]# grep nfsnobody /etc/passwd
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
[root@intel-chiefriver-02 ~]# grep nfsnobody /etc/group
nfsnobody:x:65534:
[root@intel-chiefriver-02 ~]# rpm -qa|grep nfs-utils
nfs-utils-lib-1.0.8-7.6.el5
nfs-utils-1.0.9-54.el5

For new installs, nfs-utils-1.0.9-54.el5 is fine, but for updates it does not correct the gid of user nfsnobody, only the uid is fixed/changed. That means nfs-utils-1.0.9-54.el5 is broken and should be fixed.

(In reply to comment #25)
> For new installs, nfs-utils-1.0.9-54.el5 is fine, but for updates it does not
> correct the gid of user nfsnobody, only the uid is fixed/changed. That means
> nfs-utils-1.0.9-54.el5 is broken and should be fixed.

hi,
Thanks for your reporting the issue, I've filed a bug to track the issue, see https://bugzilla.redhat.com/show_bug.cgi?id=746948