- Bug
- Resolution: Not a Bug
- rhel-9.4
- Low
- sst_cs_plumbers
- ssg_core_services
- Red Hat Enterprise Linux
- All
Issue description
In RHEL 9.4, the avahi RPM package contributes a %pre script that creates the avahi user and group, with the home directory of the avahi user being /var/run/avahi-daemon:
    $ rpm -q --scripts avahi
    preinstall scriptlet (using /bin/sh):
    getent group avahi >/dev/null || groupadd -f -g 70 -r avahi
    if ! getent passwd avahi > /dev/null ; then
      if ! getent passwd 70 > /dev/null ; then
        useradd -r -l -u 70 -g avahi -d /var/run/avahi-daemon -s /sbin/nologin -c "Avahi mDNS/DNS-SD Stack" avahi
      else
        useradd -r -l -g avahi -d /var/run/avahi-daemon -s /sbin/nologin -c "Avahi mDNS/DNS-SD Stack" avahi
      fi
    fi
    exit 0
Since on RHEL9 /var/run is a symbolic link to /run, which is volatile, once created, the /var/run/avahi-daemon directory will be lost when the system reboots.
There is a mechanism, tmpfiles.d(5), to persist files/directories in volatile filesystems across system reboots. However, the avahi package fails to contribute a (e.g.) /usr/lib/tmpfiles.d/avahi.conf file, in order to ensure that the home directory for the avahi user persists across reboots.
While the absence of its home directory may or may not affect the avahi service itself, pwck -r correctly reports the absent home directory as an error:
    $ sudo pwck -r
    user 'avahi': directory '/var/run/avahi-daemon' does not exist
    pwck: no changes
For systems that must comply with the DISA RHEL9 STIG, the error reported by pwck is a finding for rule RHEL-09-411065:
https://stigviewer.com/stig/red_hat_enterprise_linux_9/2023-12-01/finding/V-258052
Having rule findings is undesirable, because it reflects negatively upon the site's management of its hosts, even when (in this case) the finding is not the system administrator's fault.
Please provide the package NVR for which bug is seen:
avahi-0.8-20.el9.x86_64
How reproducible:
Every time.
Steps to reproduce
- Install the avahi package (if it is not already installed)
- Reboot the host
- Run pwck -r
Expected results
pwck -r should report no warnings or errors related to the avahi user or group.
Actual results
pwck -r (correctly) warns that the home directory for the avahi user does not exist.
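
An added example, not part of the original report or of the avahi package: a shell audit that lists accounts whose home directory is missing, marks the ones located under the volatile /run tree, and prints a candidate tmpfiles.d(5) line for each of those. The function names, the optional ROOT prefix, the sample passwd data and the 0755 mode are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample passwd(5) data; only the avahi line mirrors the report.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
demo:x:1000:1000::/home/demo:/bin/bash
EOF
}

# missing_homes PASSWD_FILE [ROOT]
# Print user:gid:home:kind for each account whose home directory is absent.
# ROOT is an optional prefix (assumption, for checking an offline image).
missing_homes() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r user _pw _uid gid _gecos home _shell; do
        case $user in ''|'#'*) continue ;; esac      # blank line or comment
        [ -n "$home" ] || continue                   # malformed entry
        [ -d "$root$home" ] && continue              # home exists: no finding
        case $home in
            /run/*|/var/run/*) kind=volatile ;;      # lost on every reboot
            *)                 kind=persistent ;;
        esac
        printf '%s:%s:%s:%s\n' "$user" "$gid" "$home" "$kind"
    done < "$passwd_file"
}

# tmpfiles_lines PASSWD_FILE [ROOT]
# Emit a tmpfiles.d(5) "d" line per volatile finding. /var/run is rewritten
# to /run (its symlink target); mode 0755 is an assumed default to review.
tmpfiles_lines() {
    missing_homes "$@" | while IFS=: read -r user gid home kind; do
        [ "$kind" = volatile ] || continue
        case $home in /var/run/*) home=/run/${home#/var/run/} ;; esac
        printf 'd %s 0755 %s %s -\n' "$home" "$user" "$gid"
    done
}

# Run against a real file when arguments are given, e.g. /etc/passwd.
if [ "$#" -gt 0 ]; then
    tmpfiles_lines "$@"
fi
```

Findings marked persistent need a different remedy than a tmpfiles.d entry, so the script reports them but generates no line for them.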