Red Hat Bugzilla – Bug 963920
clamav-filesystem has useradd and groupadd issues
Last modified: 2013-06-20 22:05:56 EDT
Description of problem: clamav-filesystem scripts does not create group and user system accounts properly. Version-Release number of selected component (if applicable): clamav-0.97.8-1.fc18.x86_64 How reproducible: 100% if clamupdate group and clamupdate user accounts do not already exist. Steps to Reproduce: 1. yum remove clamav\* 2. userdel clamupdate 3. groupdel clamupdate 4. yum install clamav clamav-update Actual results: Downloading Packages: (1/5): clamav-0.97.8-1.fc18.x86_64.rpm | 922 kB 00:00 (2/5): clamav-data-empty-0.97.8-1.fc18.noarch.rpm | 17 kB 00:00 (3/5): clamav-filesystem-0.97.8-1.fc18.noarch.rpm | 17 kB 00:00 (4/5): clamav-lib-0.97.8-1.fc18.x86_64.rpm | 3.6 MB 00:00 (5/5): clamav-update-0.97.8-1.fc18.x86_64.rpm | 83 kB 00:00 -------------------------------------------------------------------------------- Total 27 MB/s | 4.6 MB 00:00 Running Transaction Check Running Transaction Test Transaction Test Succeeded Running Transaction Installing : clamav-data-empty-0.97.8-1.fc18.noarch 1/5 Installing : clamav-lib-0.97.8-1.fc18.x86_64 2/5 Usage: groupadd [options] GROUP Options: -f, --force exit successfully if the group already exists, and cancel -g if the GID is already used -g, --gid GID use GID for the new group -h, --help display this help message and exit -K, --key KEY=VALUE override /etc/login.defs defaults -o, --non-unique allow to create groups with duplicate (non-unique) GID -p, --password PASSWORD use this encrypted password for the new group -r, --system create a system account -R, --root CHROOT_DIR directory to chroot into useradd: group 'clamupdate' does not exist Installing : clamav-filesystem-0.97.8-1.fc18.noarch 3/5 warning: user clamupdate does not exist - using root warning: group clamupdate does not exist - using root Installing : clamav-update-0.97.8-1.fc18.x86_64 4/5 /usr/bin/chown: invalid group: ‘root:clamupdate’ Installing : clamav-0.97.8-1.fc18.x86_64 5/5 Verifying : clamav-lib-0.97.8-1.fc18.x86_64 1/5 Verifying : clamav-0.97.8-1.fc18.x86_64 2/5 Verifying : clamav-update-0.97.8-1.fc18.x86_64 3/5 Verifying : clamav-data-empty-0.97.8-1.fc18.noarch 4/5 Verifying : clamav-filesystem-0.97.8-1.fc18.noarch 5/5 Installed: clamav.x86_64 0:0.97.8-1.fc18 clamav-update.x86_64 0:0.97.8-1.fc18 Dependency Installed: clamav-data-empty.noarch 0:0.97.8-1.fc18 clamav-filesystem.noarch 0:0.97.8-1.fc18 clamav-lib.x86_64 0:0.97.8-1.fc18 Complete! Expected results: no errors Additional info: In the below scripts, 1. ${username} is clearly not expanded properly 2. "-g 4" needs to be removed from the groupadd (username is last argument anyway) 3. what happens if gruopadd command returns non-zero exit status? Probably want ||: 4. "-u 4" should be removed from useradd # rpm -q --scripts clamav-filesystem-0.97.8-1.fc18.noarchpreinstall scriptlet (using /bin/sh): getent group clamupdate >/dev/null || groupadd -r ${username} -g 4 getent passwd clamupdate >/dev/null || \ useradd -r -g clamupdate -d /var/lib/clamav -s /sbin/nologin -u 4 \ -c "Clamav database update user" clamupdate exit 0
Workaround: pre-create group and user account, then install or reinstall with yum: yum remove clamav\* groupadd -r clamupdate useradd -r -g clamupdate -d /var/lib/clamav -s /sbin/nologin -c "Clamav database update user" clamupdate yum install clamav clamav-update
In reviewing the clamav.spec, I also see similar issues with %pre scanner getent group %{scanuser} >/dev/null || groupadd -r ${scanuser} -g 49 getent passwd %{scanuser} >/dev/null || \ useradd -r -g %{scanuser} -d / -s /sbin/nologin -u 49 \ -c "Clamav scanner user" %{scanuser} exit 0 I suggest: 1. removing '-g 49' 2. fixing ${scanuser} to %{scanuser} 3. removing '-u 49' So that it appears as below: getent group %{scanuser} >/dev/null || groupadd -r %{scanuser} getent passwd %{scanuser} >/dev/null || \ useradd -r -g %{scanuser} -d / -s /sbin/nologin \ -c "Clamav scanner user" %{scanuser} exit 0 I also see use of ${milteruser} rather than %{milteruser} which is broken. There is much inconsistent use of braces around macro names (e.g., %{milteruser} vs %milteruser) and some macros never have braces when used (%milterlog), but I do not see where this violates any packaging guidelines.
Seriously broken. I've been running into this. Workaround are useless if you are building respins such as the Network Security Toolkit (NST) since they're trying to build run-live file systems that include this package and you have no opportunity to precreate the user and group ids.
*** Bug 964328 has been marked as a duplicate of this bug. ***
clamav-0.97.8-2.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/clamav-0.97.8-2.fc18
clamav-0.97.8-2.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/clamav-0.97.8-2.fc19
clamav-0.97.8-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/clamav-0.97.8-2.fc17
Package clamav-0.97.8-2.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing clamav-0.97.8-2.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-10853/clamav-0.97.8-2.fc19 then log in and leave karma (feedback).
clamav-0.97.8-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Any chance of getting this fix into the reported release (Fedora 18 Spherical Cow)?
(In reply to Peter Ludikovsky from comment #10) > Any chance of getting this fix into the reported release (Fedora 18 > Spherical Cow)? Read comment #5
clamav-0.97.8-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
clamav-0.97.8-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.