Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 963920 - clamav-filesystem has useradd and groupadd issues
clamav-filesystem has useradd and groupadd issues
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: clamav (Show other bugs)
18
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Nick Bebout
Fedora Extras Quality Assurance
:
: 964328 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-16 14:53 EDT by Chris Schanzle
Modified: 2013-06-20 22:05 EDT (History)
14 users (show)

See Also:
Fixed In Version: clamav-0.97.8-2.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-18 02:24:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Schanzle 2013-05-16 14:53:52 EDT
Description of problem:
clamav-filesystem scripts does not create group and user system accounts properly.

Version-Release number of selected component (if applicable):
clamav-0.97.8-1.fc18.x86_64

How reproducible:
100% if clamupdate group and clamupdate user accounts do not already exist.

Steps to Reproduce:
1. yum remove clamav\*
2. userdel clamupdate
3. groupdel clamupdate
4. yum install clamav clamav-update
  
Actual results:
Downloading Packages:
(1/5): clamav-0.97.8-1.fc18.x86_64.rpm                     | 922 kB   00:00     
(2/5): clamav-data-empty-0.97.8-1.fc18.noarch.rpm          |  17 kB   00:00     
(3/5): clamav-filesystem-0.97.8-1.fc18.noarch.rpm          |  17 kB   00:00     
(4/5): clamav-lib-0.97.8-1.fc18.x86_64.rpm                 | 3.6 MB   00:00     
(5/5): clamav-update-0.97.8-1.fc18.x86_64.rpm              |  83 kB   00:00     
--------------------------------------------------------------------------------
Total                                            27 MB/s | 4.6 MB     00:00     
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : clamav-data-empty-0.97.8-1.fc18.noarch                       1/5 
  Installing : clamav-lib-0.97.8-1.fc18.x86_64                              2/5 
Usage: groupadd [options] GROUP

Options:
  -f, --force                   exit successfully if the group already exists,
                                and cancel -g if the GID is already used
  -g, --gid GID                 use GID for the new group
  -h, --help                    display this help message and exit
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -o, --non-unique              allow to create groups with duplicate
                                (non-unique) GID
  -p, --password PASSWORD       use this encrypted password for the new group
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into

useradd: group 'clamupdate' does not exist
  Installing : clamav-filesystem-0.97.8-1.fc18.noarch                       3/5 
warning: user clamupdate does not exist - using root
warning: group clamupdate does not exist - using root
  Installing : clamav-update-0.97.8-1.fc18.x86_64                           4/5 
/usr/bin/chown: invalid group: ‘root:clamupdate’
  Installing : clamav-0.97.8-1.fc18.x86_64                                  5/5 
  Verifying  : clamav-lib-0.97.8-1.fc18.x86_64                              1/5 
  Verifying  : clamav-0.97.8-1.fc18.x86_64                                  2/5 
  Verifying  : clamav-update-0.97.8-1.fc18.x86_64                           3/5 
  Verifying  : clamav-data-empty-0.97.8-1.fc18.noarch                       4/5 
  Verifying  : clamav-filesystem-0.97.8-1.fc18.noarch                       5/5 

Installed:
  clamav.x86_64 0:0.97.8-1.fc18       clamav-update.x86_64 0:0.97.8-1.fc18      

Dependency Installed:
  clamav-data-empty.noarch 0:0.97.8-1.fc18                                      
  clamav-filesystem.noarch 0:0.97.8-1.fc18                                      
  clamav-lib.x86_64 0:0.97.8-1.fc18                                             

Complete!


Expected results:
no errors

Additional info:

In the below scripts,
1. ${username} is clearly not expanded properly
2. "-g 4" needs to be removed from the groupadd (username is last argument anyway)
3.  what happens if gruopadd command returns non-zero exit status?  Probably want ||: 
4.  "-u 4" should be removed from useradd

# rpm -q --scripts clamav-filesystem-0.97.8-1.fc18.noarchpreinstall scriptlet (using /bin/sh):
getent group clamupdate >/dev/null || groupadd -r ${username} -g 4
getent passwd clamupdate >/dev/null || \
    useradd -r -g clamupdate -d /var/lib/clamav -s /sbin/nologin -u 4 \
    -c "Clamav database update user" clamupdate
exit 0
Comment 1 Chris Schanzle 2013-05-16 14:56:29 EDT
Workaround: pre-create group and user account, then install or reinstall with yum:

yum remove clamav\*
groupadd -r clamupdate 
useradd -r -g clamupdate -d /var/lib/clamav -s /sbin/nologin -c "Clamav database update user" clamupdate
yum install clamav clamav-update
Comment 2 Chris Schanzle 2013-05-16 15:34:16 EDT
In reviewing the clamav.spec, I also see similar issues with

%pre scanner
getent group %{scanuser} >/dev/null || groupadd -r ${scanuser} -g 49
getent passwd %{scanuser} >/dev/null || \
    useradd -r -g %{scanuser} -d / -s /sbin/nologin -u 49 \
    -c "Clamav scanner user" %{scanuser}
exit 0


I suggest:
1. removing '-g 49'
2. fixing ${scanuser} to %{scanuser}
3. removing '-u 49'

So that it appears as below:

getent group %{scanuser} >/dev/null || groupadd -r %{scanuser}
getent passwd %{scanuser} >/dev/null || \
    useradd -r -g %{scanuser} -d / -s /sbin/nologin \
    -c "Clamav scanner user" %{scanuser}
exit 0

I also see use of ${milteruser} rather than %{milteruser} which is broken.

There is much inconsistent use of braces around macro names (e.g., %{milteruser} vs %milteruser) and some macros never have braces when used (%milterlog), but I do not see where this violates any packaging guidelines.
Comment 3 Michael H. Warfield 2013-05-28 10:01:49 EDT
Seriously broken.  I've been running into this.  Workaround are useless if you are building respins such as the Network Security Toolkit (NST) since they're trying to build run-live file systems that include this package and you have no opportunity to precreate the user and group ids.
Comment 4 Nick Bebout 2013-06-13 16:27:30 EDT
*** Bug 964328 has been marked as a duplicate of this bug. ***
Comment 5 Fedora Update System 2013-06-13 17:32:26 EDT
clamav-0.97.8-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/clamav-0.97.8-2.fc18
Comment 6 Fedora Update System 2013-06-13 17:33:01 EDT
clamav-0.97.8-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/clamav-0.97.8-2.fc19
Comment 7 Fedora Update System 2013-06-13 17:33:35 EDT
clamav-0.97.8-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/clamav-0.97.8-2.fc17
Comment 8 Fedora Update System 2013-06-14 19:12:52 EDT
Package clamav-0.97.8-2.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing clamav-0.97.8-2.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-10853/clamav-0.97.8-2.fc19
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2013-06-18 02:24:34 EDT
clamav-0.97.8-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Peter Ludikovsky 2013-06-19 09:28:42 EDT
Any chance of getting this fix into the reported release (Fedora 18 Spherical Cow)?
Comment 11 Frank Murphy 2013-06-19 09:44:30 EDT
(In reply to Peter Ludikovsky from comment #10)
> Any chance of getting this fix into the reported release (Fedora 18
> Spherical Cow)?

Read comment #5
Comment 12 Fedora Update System 2013-06-20 22:00:39 EDT
clamav-0.97.8-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2013-06-20 22:05:56 EDT
clamav-0.97.8-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.