Description of problem: The pre-install scriptlet creates the saslauth account with a home directory, /var/empty/saslauth, that does not exist in the package. Users may create the home directory to "fix" the "problem" and inadvertently provide a privilege escalation path by setting inappropriate ownership or protection. Version-Release number of selected component (if applicable): cyrus-sasl-2.1.23-12.fc14.x86_64 (Still in git HEAD) How reproducible: # yum install cyrus-sasl⏎ # pwck⏎ user 'saslauth': directory '/var/empty/saslauth' does not exist pwck: no changes Additional info: Does not affect functionality, just trying to reduce the background noise from system integrity checks. A simple fix would be to create the directory /var/empty/saslauth in %install and include it in %files, setting the required ownership and mode. Including the directory in the package would initialise the directory securely (root:root 0711?) and provide a verification mechanism. Suggested fix for spec file (add 2 lines): +++ %define username saslauth %define hint "Saslauthd user" %define homedir %{_var}/empty/%{username} ... %install ... + install -d -m711 $RPM_BUILD_ROOT/%{homedir} ... %pre getent group %{username} >/dev/null || groupadd -r %{username} getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir} -s /sbin/nologin -c \"%{hint}\" %{username} ... %files %defattr(-,root,root) ... + %dir %{homedir} ... --- P.S. Might want to change %define to %global while there.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
I believe that change homedir to already existing directory would be enough: -%define homedir %{_var}/empty/%{username} +%define homedir /run/saslauthd Thanks for your report