`dnf install bind bind-utils` fails to create user/group `named`

Running this: sudo dnf install bind bind-utils -y worked before but now it produces these warnings:

warning: group named does not exist - using root
warning: user named does not exist - using root
/usr/lib/tmpfiles.d/named.conf:1: Failed to resolve user 'named': No such process

Shouldn’t bind create user/group named like it did before?

It looks like the RPM has the script to setup the named group and user on install.

$ rpm -q --scripts bind
preinstall scriptlet (using /bin/sh):
if [ "$1" -eq 1 ]; then
  /usr/sbin/groupadd -g 25 -f -r named >/dev/null 2>&1 || :;
  /usr/sbin/useradd  -u 25 -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;

$1 is 1 on install.

Becuase of the >/dev/null 2>&1 no errors will be reported on the terminal.

What happens if you run these are root?

/usr/sbin/groupadd -g 25 -f -r named
/usr/sbin/useradd  -u 25 -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named 

Says invalid option -- 'N'

Both commands work for me on my F39 arm VM.

What Fedora version are you using?
Check that useradd -h documents -N.

:  17:11:35   armf39  ~
: [1] root $ /usr/sbin/groupadd -g 25 -f -r named

:  17:11:39   armf39  ~
: [1] root $ /usr/sbin/useradd  -u 25 -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named

:  17:11:49   armf39  ~
: [1] root $  id named
uid=25(named) gid=25(named) groups=25(named)

:  17:12:45   armf39  ~
: [1] root $

Ok, I did it again and the group and user have been created okay.
I deleted the user and the group and tried to intall bind and bind-utils again and I’m getting the same error.
Interestingly, when I install bind and bind-utils AFTER I run these two commands to create user and group manually the bind and bind-utils installation proceeds without warning or errors.

What bind version are you installing? I’m trying to install bind-32:9.18.20-1.fc39 that gives me these warnings.

I did not try installing bind, I just tested the useradd and groupadd commands.
Your report of -N not working should not have happened.

I know something is fishy.
Well, let’s troubleshooot. I tested individual useradd and groupadd commands and they work now, for now. I’m still getting no user and group created though when I install bind and bind-utils (and others like pesign so it’s a blanket problem). I can create users and groups manually and when I do that and reinstall packages things are installed and function correctly, it seems. So what is wrong with dnf/rpm and how to look further into it?

bind-utils is already installed on my f39.

I just install bind and it works:

:  21:12:58   armf39  /etc
: [1] root $ id named
id: ‘named’: no such user

:  21:13:00   armf39  /etc
: [1] root $ dnf install bind
Last metadata expiration check: 3:07:55 ago on Sun 17 Dec 2023 18:05:10 GMT.
Dependencies resolved.
 Package                          Architecture           Version                           Repository              Size
 bind                             aarch64                32:9.18.20-1.fc39                 updates                523 k
Installing weak dependencies:
 bind-dnssec-utils                aarch64                32:9.18.20-1.fc39                 updates                148 k

Transaction Summary
Install  2 Packages

Total download size: 671 k
Installed size: 4.7 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): bind-9.18.20-1.fc39.aarch64.rpm                                                  2.2 MB/s | 523 kB     00:00
(2/2): bind-dnssec-utils-9.18.20-1.fc39.aarch64.rpm                                     341 kB/s | 148 kB     00:00
Total                                                                                   1.1 MB/s | 671 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1
  Installing       : bind-dnssec-utils-32:9.18.20-1.fc39.aarch64                                                    1/2
  Running scriptlet: bind-32:9.18.20-1.fc39.aarch64                                                                 2/2
  Installing       : bind-32:9.18.20-1.fc39.aarch64                                                                 2/2
  Running scriptlet: bind-32:9.18.20-1.fc39.aarch64                                                                 2/2
  Verifying        : bind-32:9.18.20-1.fc39.aarch64                                                                 1/2
  Verifying        : bind-dnssec-utils-32:9.18.20-1.fc39.aarch64                                                    2/2

  bind-32:9.18.20-1.fc39.aarch64                       bind-dnssec-utils-32:9.18.20-1.fc39.aarch64


:  21:13:08   armf39  /etc
: [1] root $ id named
uid=25(named) gid=25(named) groups=25(named)

:  21:13:10   armf39  /etc
: [1] root $

It also works when I install bind and bind-utils after I have run userdel named.

Ok, I’m getting these errors because SELinux denies the groupadd action. I’m not sure I understand what’s going on and what’s calling what. (/usr)/sbin/groupadd seems to have a properly labeled context.

Is it the rpm script that’s not properly labeled or something with DNF? How would I go about tracking this down please? I know none of DNF installations right now are able to create groups it seems.

Try relabelling your system to see if that fixes it.

touch /.autorelabel

Thanks, Barry. This fixed this error. How could this have happened that I need to relabel after a fresh install? Someone in the thread said I must’ve booted with SELinux on - and the only time this may have happened was when I did systemd-nspawn -b -D /mnt/root to set a couple of things up during install. Could this have been it?

I do not know, using nspawn does stand out as unusual.

I was picking up on the theme that when commands that cannot-fail fail then selinux label damage is a good guess at the cause.