Add sysusers named user creation (rhbz#2105415)

Drop original user creating in favor of sysusers file definition. (cherry picked from commit 071ec07d27989a8d548834292fa46ca2312b4862) (cherry picked from commit efb20ad8e7) Resolves: RHEL-135629
2025-01-17 14:51:23 +01:00 · 2025-01-17 14:51:23 +01:00 · 4f18fb958f
commit 4f18fb958f
parent f17cf87212
2 changed files with 15 additions and 6 deletions
--- a/bind.spec
+++ b/bind.spec
@ -25,8 +25,6 @@
 %bcond_with    DOCPDF
 %bcond_with    TSAN

-%{?!bind_uid:  %global bind_uid  25}
-%{?!bind_gid:  %global bind_gid  25}
 %{!?_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 %global        bind_dir          /var/named
 %global        chroot_prefix     %{bind_dir}/chroot
@ -56,7 +54,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.16.23
-Release:  37%{?dist}
+Release:  38%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@ -87,6 +85,7 @@ Source46: named-setup-rndc.service
 Source47: named-pkcs11.service
 Source48: setup-named-softhsm.sh
 Source49: named-chroot.files
+Source50: named.sysusers
 Source51: bind-chroot.tmpfiles.d

 # Common patches
@ -202,8 +201,9 @@ Patch224: bind-9.16-CVE-2025-40780.patch
 Patch225: bind-9.16-CVE-2025-40778.patch

 %{?systemd_ordering}
+# https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers
+%{?sysusers_requires_compat}
 Requires:       coreutils
-Requires(pre):  shadow-utils
 Requires(post): shadow-utils
 Requires(post): glibc-common
 Requires(post): grep
@ -766,6 +766,9 @@ install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir}
 install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir}
 install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir}

+mkdir -p ${RPM_BUILD_ROOT}%{_sysusersdir}
+install -m 644 %{SOURCE50} ${RPM_BUILD_ROOT}%{_sysusersdir}/named.conf
+
 %if %{with PKCS11}
 install -m 644 %{SOURCE47} ${RPM_BUILD_ROOT}%{_unitdir}
 %else
@ -909,8 +912,7 @@ install -p -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named

 %pre
 if [ "$1" -eq 1 ]; then
-  /usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
-  /usr/sbin/useradd  -u %{bind_uid} -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
+  %sysusers_create_compat %{SOURCE50}
 fi;
 :;

@ -1029,6 +1031,7 @@ fi;
 %{_unitdir}/named.service
 %{_unitdir}/named-setup-rndc.service
 %{_sbindir}/named-journalprint
+%{_sysusersdir}/named.conf
 %{_sbindir}/named-checkconf
 %{_bindir}/named-rrchecker
 %{_bindir}/mdig
@ -1255,6 +1258,9 @@ fi;
 %endif

 %changelog
+* Fri Dec 12 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-38
+- Add sysusers named user creation (RHEL-132053)
+
 * Fri Dec 12 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-37
 - Create /var/named directories for bind-chroot (RHEL-132053)

--- a/named.sysusers
+++ b/named.sysusers
@ -0,0 +1,3 @@
+#Type Name       ID                  GECOS              Home directory Shell
+u     named      25                 "Named"             /var/named     /sbin/nologin
+g     named      25