Bug 1010384

Summary: pwck: no matching password file entry for 'avahi-autoipd' in /etc/shadow
Product: [openSUSE] openSUSE Distribution Reporter: Ulrich Windl <Ulrich.Windl>
Component: BasesystemAssignee: Dominique Leuenberger <dimstar>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: Ulrich.Windl
Version: Leap 42.1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ulrich Windl 2016-11-16 07:41:01 UTC 
When running pwck, I get these messages:
---
# pwck
no matching password file entry in /etc/shadow
add user 'avahi-autoipd' in /etc/shadow? n
user 'nm-openconnect': directory '/var/lib/nm-openconnect' does not exist
user 'pulse': directory '/var/lib/pulseaudio' does not exist
pwck: no changes
---
So I guess the user 'avahi-autoipd' was added by a "non-standard way".
However inspecting "rpm -q --scripts avahi-autoipd-0.6.31-26.1.x86_64", it seems it does it correctly:
preinstall scriptlet (using /bin/sh):
/usr/sbin/groupadd -r avahi-autoipd 2> /dev/null || :
/usr/sbin/useradd -r -s /bin/false -c "User for Avahi IPv4LL" -d /var/lib/avahi-autoipd -g avahi-autoipd avahi-autoipd 2> /dev/null || :

So maybe an older version did an odd thing. In changelog there are two occurrences that might match this suspect:
* Wed Sep 25 2013 di.....@opensuse.org
- Sanitize scrtiplet requirements (bnc#839520):
  + Add shadow Requires(pre) for useradd and groupadd.

* Wed Nov 14 2012 di.....@opensuse.org
- Fix useradd invocation: -o is useless without -u and newer
  versions of pwdutils/shadowutils fail on this now.

I could not find out when the particular user entry had been created as systemd does not have logs older than "2016-08-11 08:13:45" here (no more archived /var/log/messages).
Comment 2 Dominique Leuenberger 2017-02-18 17:32:20 UTC 
the package avahi-autoipd was split out back in 2013 - since then, this part of the scripts have not been touched as far as I see;

Can it really be that your system / that user is older than that?

If so, then I think we shold be really safe to close it as fixed
Comment 3 Ulrich Windl 2017-02-20 08:16:39 UTC 
As the problem was reported for Leap 41.2, the installation cannot be older than the original Leap 42.2 release. I don't know how old the packages in 42.1 were.

Found some logs in zypp/history:
# 2015-10-29 20:33:24 avahi-autoipd.rpm installed ok
# Additional rpm output:
# Updating /etc/sysconfig/avahi...
# 
2015-10-29 20:33:24|install|avahi-autoipd|0.6.31-24.1|x86_64|root@opensuse|InstallationImage|a1026f456e201dfcde0fbb5f51368efae6ba2903b6142fb5e01c9effb21429b5|
# 2015-12-18 02:55:54 avahi-autoipd-0.6.31-26.1.x86_64.rpm installed ok
# Additional rpm output:
# Updating /etc/sysconfig/avahi...
# 
2015-12-18 02:55:54|install|avahi-autoipd|0.6.31-26.1|x86_64|3242:y2base|download.opensuse.org-oss_1|8daec996c6132c308e3116cd9fc17073e413aedc5125b13967d3266e337f3842|
# 2016-11-18 06:38:42 avahi-autoipd-0.6.32-1.2.x86_64.rpm installed ok
# Additional rpm output:
# Updating /etc/sysconfig/avahi...
# 
2016-11-18 06:38:42|install|avahi-autoipd|0.6.32-1.2|x86_64||openSUSE-42.2-0|5b8584464e6259f7699f672ab01f6dd7bba4c760|

I don't know if there exists additional logs going back that far.
Comment 4 Ulrich Windl 2017-02-20 08:20:25 UTC 
(In reply to my comment #0)
> /usr/sbin/groupadd -r avahi-autoipd 2> /dev/null || :
> /usr/sbin/useradd -r -s /bin/false -c "User for Avahi IPv4LL" -d
> /var/lib/avahi-autoipd -g avahi-autoipd avahi-autoipd 2> /dev/null || :

Maybe suppressing error output and ignoring exit codes is a bad idea: If any error had occurred, we wouldn't see them.
Comment 5 Dominique Leuenberger 2017-05-30 13:25:42 UTC 
Request: #499768

  submit:       GNOME:Next/avahi@17 -> GNOME:Factory


Message:
Modify user generation scripts

We no longer hide output of useradd/groupadd, don't mask away errors

I think that's about all we can do at this point