840302 – useradd preinstall script command specify non unique id

Bug 840302 - useradd preinstall script command specify non unique id

Summary: useradd preinstall script command specify non unique id

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	lightdm
Sub Component:
Version:	17
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Rex Dieter
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-07-15 15:14 UTC by Frantisek Hanzlik
Modified:	2012-07-26 16:17 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-07-21 02:56:09 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Frantisek Hanzlik 2012-07-15 15:14:06 UTC

Description of problem:
preinstall script create "lightdm" user with command:
useradd -M -u 43 -d /var/log/lightdm -s /sbin/nologin -r lightdm

But this command can fail because non-unique UID (43, on my systems and probably on all RH systems it is X Font server UID).

Version-Release number of selected component (if applicable):
lightdm-1.2.2-15.fc17.i686

Actual results:
User "lightdm" isn't cerated, useradd ends with error: UID 43 is not unique
and because lightdm greeter implicitly use it, then fails

Additional info:
Perhaps one of: 1) guarantee unique UID; 2) not specify UID, only system account, and let system determine it; 3) enable duplicit UIDs

Comment 1 Fedora Update System 2012-07-15 19:05:01 UTC

lightdm-1.2.2-16.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/lightdm-1.2.2-16.fc16

Comment 2 Fedora Update System 2012-07-15 19:05:11 UTC

lightdm-1.2.2-16.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/lightdm-1.2.2-16.fc17

Comment 3 Fedora Update System 2012-07-17 17:20:09 UTC

Package lightdm-1.2.2-16.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing lightdm-1.2.2-16.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-10698/lightdm-1.2.2-16.fc17
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2012-07-21 02:56:09 UTC

lightdm-1.2.2-16.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2012-07-26 03:51:57 UTC

lightdm-1.2.2-16.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Nerijus Baliūnas 2012-07-26 10:30:02 UTC

Updating to lightdm-1.2.2-17.fc17.i686 did not create lightdm user and group.
Probably because:

# getent group lightdm
# echo $?
2

# getent passwd lightdm
# echo $?
2

so the script after || is not executed.

Comment 7 Gregor Tätzner 2012-07-26 12:01:43 UTC

I don't think so. For some reason the user creation fails in your case. Can you post the output of 

'groupadd -r lightdm'
and
'/usr/sbin/useradd -g lightdm -M -d /var/log/lightdm -s /sbin/nologin -r lightdm'

Comment 8 Nerijus Baliūnas 2012-07-26 13:20:02 UTC

# groupadd -r lightdm
groupadd: nscd exited with status 1groupadd: Failed to flush the nscd cache.
groupadd: nscd exited with status 1groupadd: Failed to flush the nscd cache.
groupadd: nscd exited with status 1groupadd: Failed to flush the nscd cache.

# /usr/sbin/useradd -g lightdm -M -d /var/log/lightdm -s /sbin/nologin -r lightdm
useradd: nscd exited with status 1useradd: Failed to flush the nscd cache.
useradd: nscd exited with status 1useradd: Failed to flush the nscd cache.
useradd: nscd exited with status 1useradd: Failed to flush the nscd cache.
useradd: nscd exited with status 1useradd: Failed to flush the nscd cache.

The user and group were created successfully. Could it be because I had an earlier lightdm package installed? Or does preinstall scriptlet run on upgrades too?

Comment 9 Gregor Tätzner 2012-07-26 14:55:53 UTC

(In reply to comment #8)
> groupadd: nscd exited with status 1groupadd: Failed to flush the nscd cache.
I'm not experienced in nscd, but this looks scary. Anyways, not related to this bug.
> 
> The user and group were created successfully. Could it be because I had an
> earlier lightdm package installed? Or does preinstall scriptlet run on
> upgrades too?
Yes, %pre runs on upgrades and (new)installs. If the scriptlet had failed to add the user in an earlier version of lightdm, it would try it on upgrade again.

Comment 10 Nerijus Baliūnas 2012-07-26 16:17:06 UTC

Uninstalled the package and installed it manually with rpm:

# rpm -Uvh lightdm-1.2.2-17.fc17.i686.rpm 
Preparing...                ########################################### [100%]
groupadd: failure while writing changes to /etc/group
   1:lightdm                ########################################### [100%]
warning: user lightdm does not exist - using root
warning: group lightdm does not exist - using root

/var/log/audit/audit.log:

type=ADD_GROUP msg=audit(1343319142.967:1228): pid=0 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow acct="lightdm" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=pts/1 res=failed'
type=ADD_GROUP msg=audit(1343319142.967:1229): pid=0 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group acct="lightdm" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=pts/1 res=failed'
type=ADD_GROUP msg=audit(1343319142.967:1230): pid=0 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= acct="lightdm" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=pts/1 res=failed'

Note You need to log in before you can comment on or make changes to this bug.