Running this: sudo dnf install bind bind-utils -y worked before but now it produces these warnings:
warning: group named does not exist - using root
warning: user named does not exist - using root
...
/usr/lib/tmpfiles.d/named.conf:1: Failed to resolve user 'named': No such process
Shouldn’t bind create user/group named like it did before?
It looks like the RPM has the script to setup the named group and user on install.
$ rpm -q --scripts bind
preinstall scriptlet (using /bin/sh):
if [ "$1" -eq 1 ]; then
/usr/sbin/groupadd -g 25 -f -r named >/dev/null 2>&1 || :;
/usr/sbin/useradd -u 25 -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
fi;
$1 is 1 on install.
Becuase of the >/dev/null 2>&1 no errors will be reported on the terminal.
What happens if you run these are root?
/usr/sbin/groupadd -g 25 -f -r named
/usr/sbin/useradd -u 25 -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named
Says invalid option -- 'N'
Both commands work for me on my F39 arm VM.
What Fedora version are you using?
Check that useradd -h documents -N.
: 17:11:35 armf39 ~
: [1] root $ /usr/sbin/groupadd -g 25 -f -r named
: 17:11:39 armf39 ~
: [1] root $ /usr/sbin/useradd -u 25 -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named
: 17:11:49 armf39 ~
: [1] root $ id named
uid=25(named) gid=25(named) groups=25(named)
: 17:12:45 armf39 ~
: [1] root $
Ok, I did it again and the group and user have been created okay.
I deleted the user and the group and tried to intall bind and bind-utils again and I’m getting the same error.
Interestingly, when I install bind and bind-utils AFTER I run these two commands to create user and group manually the bind and bind-utils installation proceeds without warning or errors.
What bind version are you installing? I’m trying to install bind-32:9.18.20-1.fc39 that gives me these warnings.
I did not try installing bind, I just tested the useradd and groupadd commands.
Your report of -N not working should not have happened.
I know something is fishy.
Well, let’s troubleshooot. I tested individual useradd and groupadd commands and they work now, for now. I’m still getting no user and group created though when I install bind and bind-utils (and others like pesign so it’s a blanket problem). I can create users and groups manually and when I do that and reinstall packages things are installed and function correctly, it seems. So what is wrong with dnf/rpm and how to look further into it?
bind-utils is already installed on my f39.
I just install bind and it works:
: 21:12:58 armf39 /etc
: [1] root $ id named
id: ‘named’: no such user
: 21:13:00 armf39 /etc
: [1] root $ dnf install bind
Last metadata expiration check: 3:07:55 ago on Sun 17 Dec 2023 18:05:10 GMT.
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
bind aarch64 32:9.18.20-1.fc39 updates 523 k
Installing weak dependencies:
bind-dnssec-utils aarch64 32:9.18.20-1.fc39 updates 148 k
Transaction Summary
========================================================================================================================
Install 2 Packages
Total download size: 671 k
Installed size: 4.7 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): bind-9.18.20-1.fc39.aarch64.rpm 2.2 MB/s | 523 kB 00:00
(2/2): bind-dnssec-utils-9.18.20-1.fc39.aarch64.rpm 341 kB/s | 148 kB 00:00
------------------------------------------------------------------------------------------------------------------------
Total 1.1 MB/s | 671 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : bind-dnssec-utils-32:9.18.20-1.fc39.aarch64 1/2
Running scriptlet: bind-32:9.18.20-1.fc39.aarch64 2/2
Installing : bind-32:9.18.20-1.fc39.aarch64 2/2
Running scriptlet: bind-32:9.18.20-1.fc39.aarch64 2/2
Verifying : bind-32:9.18.20-1.fc39.aarch64 1/2
Verifying : bind-dnssec-utils-32:9.18.20-1.fc39.aarch64 2/2
Installed:
bind-32:9.18.20-1.fc39.aarch64 bind-dnssec-utils-32:9.18.20-1.fc39.aarch64
Complete!
: 21:13:08 armf39 /etc
: [1] root $ id named
uid=25(named) gid=25(named) groups=25(named)
: 21:13:10 armf39 /etc
: [1] root $
It also works when I install bind and bind-utils after I have run userdel named.
Ok, I’m getting these errors because SELinux denies the groupadd action. I’m not sure I understand what’s going on and what’s calling what. (/usr)/sbin/groupadd seems to have a properly labeled context.
Is it the rpm script that’s not properly labeled or something with DNF? How would I go about tracking this down please? I know none of DNF installations right now are able to create groups it seems.
Try relabelling your system to see if that fixes it.
touch /.autorelabel
reboot
Thanks, Barry. This fixed this error. How could this have happened that I need to relabel after a fresh install? Someone in the thread said I must’ve booted with SELinux on - and the only time this may have happened was when I did systemd-nspawn -b -D /mnt/root to set a couple of things up during install. Could this have been it?
I do not know, using nspawn does stand out as unusual.
I was picking up on the theme that when commands that cannot-fail fail then selinux label damage is a good guess at the cause.