-
Bug
-
Resolution: Not a Bug
-
Undefined
-
None
-
rhel-9.4
-
None
-
None
-
Low
-
rhel-sst-cs-plumbers
-
ssg_core_services
-
None
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
-
None
-
All
-
None
Issue description
In RHEL 9.4, the avahi RPM package contributes a %pre script that creates the avahi user and group, with the home directory of the avahi user being /var/run/avahi-daemon:
$ rpm -q --scripts avahi preinstall scriptlet (using /bin/sh): getent group avahi >/dev/null || groupadd -f -g 70 -r avahi if ! getent passwd avahi > /dev/null ; then if ! getent passwd 70 > /dev/null ; then useradd -r -l -u 70 -g avahi -d /var/run/avahi-daemon -s /sbin/nologin -c "Avahi mDNS/DNS-SD Stack" avahi else useradd -r -l -g avahi -d /var/run/avahi-daemon -s /sbin/nologin -c "Avahi mDNS/DNS-SD Stack" avahi fi fi exit 0
Since on RHEL9 /var/run is a symbolic link to /run, which is volatile, once created, the /var/run/avahi-daemon directory will be lost when the system reboots.
There is a mechanism, tmpfiles.d(5), to persist files/directories in volatile filesystems across system reboots. However, the avahi package fails to contribute a (e.g.) /usr/lib/tmpfiles.d/avahi.conf file, in order to ensure that the home directory for the avahi user persists across reboots.
While the absence of its home directory may or may not affect the avahi service itself, pwck -r correctly reports the absent home directory as an error:
$ sudo pwck -r user 'avahi': directory '/var/run/avahi-daemon' does not exist pwck: no changes
For systems that must comply with the DISA RHEL9 STIG, the error reported by pwck is a finding for rule RHEL-09-411065:
https://stigviewer.com/stig/red_hat_enterprise_linux_9/2023-12-01/finding/V-258052
Having rule findings is undesirable, because it reflects negatively upon the site's management of its hosts, even when (in this case) the finding is not the system administrator's fault.
Please provide the package NVR for which bug is seen:
avahi-0.8-20.el9.x86_64
How reproducible:
Every time.
Steps to reproduce
- Install the avahi package (if it is not already installed)
- Reboot the host
- Run pwck -r
Expected results
pwck -r should report no warnings or errors related to the avahi user or group.
Actual results
pwck -r (correctly) warns that the home directory for the avahi user does not exist.