Description of problem: If rpc.yppasswdd cannot write into /etc/passwd.adjunct (or /etc/shadow in standard configuration) because of wrong SELinux context, rpc.yppasswdd still reports success, which is wrong. Version-Release number of selected component (if applicable): ypserv-2.19-8.el5 How reproducible: every-time Steps to Reproduce: 1. change context of /etc/shadow or /etc/passwd.adjunct to wrong one # chcon -t etc_t /etc/passwd.adjunct 2. try to change password of a user using yppasswd 3. /etc/passwd.adjunct is not updated and a message "Cannot create backup file /etc/passwd.adjunct.OLD: Permission denied" is logged into /var/log/messages Actual results: yppasswd returns success, so as rpc.yppasswdd in /var/log/messages Expected results: yppasswd returns failure, so as rpc.yppasswdd in /var/log/messages
Created attachment 529012 [details] proposed patch that reports failure when rename() fails
Just a note that this bug is easy to test with only slightly modified /CoreOS/ypserv/Regression/rfe-yppasswdd-support-passwd-adjunct.
Committed to CVS, moving to modified. http://post-office.corp.redhat.com/archives/cvs-commits-list/2011-October/msg05734.html
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0205.html