Fix creation of the stapunpriv user

stapunpriv is a system user not needing a homedir. Previously, specfile did set a homedir, but didn't create it. Fresh installations now set "/" as the homedir via _systemtap_runtime_preinstall, as SYSUSERS.D(5) recommends. Fix existing broken installations, keep upgrade path clean. Resolves: RHEL-132057
2025-11-28 14:46:11 +01:00 · 2025-11-28 14:46:11 +01:00 · ca6f781d02
commit ca6f781d02
parent 5a1c914dab
1 changed files with 18 additions and 8 deletions
--- a/systemtap.spec
+++ b/systemtap.spec
@ -98,23 +98,23 @@ g     stapusr  156\
 g     stapsys  157\
 g     stapdev  158\
 g     stapunpriv 159\
-u     stapunpriv 159      "systemtap unprivileged user"   /var/lib/stapunpriv   /sbin/nologin\
+u     stapunpriv 159      "systemtap unprivileged user"\
 m     stapunpriv stapunpriv

 %define _systemtap_server_preinstall \
 # See systemd-sysusers(8) sysusers.d(5)\
 \
 g     stap-server  -\
-u     stap-server  -      "systemtap compiler server"   /var/lib/stap-server   /sbin/nologin\
+u     stap-server  -      "systemtap compiler server"   /var/lib/stap-server\
 m     stap-server stap-server


 %define _systemtap_testsuite_preinstall \
 # See systemd-sysusers(8) sysusers.d(5)\
 \
-u     stapusr  -          "systemtap testsuite user"    /   /sbin/nologin\
-u     stapsys  -          "systemtap testsuite user"    /   /sbin/nologin\
-u     stapdev  -          "systemtap testsuite user"    /   /sbin/nologin\
+u     stapusr  -          "systemtap testsuite user"\
+u     stapsys  -          "systemtap testsuite user"\
+u     stapdev  -          "systemtap testsuite user"\
 m     stapusr  stapusr\
 m     stapsys  stapusr\
 m     stapsys  stapsys\
@ -131,7 +131,7 @@ f /var/log/stap-server/log 0644 stap-server stap-server -
 Name: systemtap
 # PRERELEASE
 Version: 5.4
-Release: 1%{?release_override}%{?dist}
+Release: 2%{?release_override}%{?dist}
 # for version, see also configure.ac


@ -884,11 +884,18 @@ getent group stapusr >/dev/null || groupadd -f -g 156 -r stapusr
 getent group stapsys >/dev/null || groupadd -f -g 157 -r stapsys
 getent group stapdev >/dev/null || groupadd -f -g 158 -r stapdev
 getent passwd stapunpriv >/dev/null || \
-  useradd -c "Systemtap Unprivileged User" -u 159 -g stapunpriv -d %{_localstatedir}/lib/stapunpriv -r -s /sbin/nologin stapunpriv 2>/dev/null || \
-  useradd -c "Systemtap Unprivileged User" -g stapunpriv -d %{_localstatedir}/lib/stapunpriv -r -s /sbin/nologin stapunpriv
+  useradd -c "Systemtap Unprivileged User" -u 159 -g stapunpriv -d / -r -s /sbin/nologin stapunpriv 2>/dev/null || \
+  useradd -c "Systemtap Unprivileged User" -g stapunpriv -d / -r -s /sbin/nologin stapunpriv
 exit 0
 %endif

+%post runtime
+# stapunpriv is a system user not needing a homedir.  Previously, specfile did
+# set a homedir, but didn't create it.  Fresh installations now set "/" as the
+# homedir via _systemtap_runtime_preinstall, as SYSUSERS.D(5) recommends.  Fix
+# existing broken installations, keep upgrade path clean.  Related: RHEL-130244.
+getent passwd stapunpriv | cut -d: -f6 | grep -q '^/var/lib/stapunpriv$' && usermod -d / stapunpriv
+
 %pre server
 %if %{with_sysusers}
 %if (0%{?fedora} && 0%{?fedora} < 42) || (0%{?rhel} && 0%{?rhel} < 11)
@ -1363,6 +1370,9 @@ exit 0

 # PRERELEASE
 %changelog
+* Fri Nov 28 2025 Martin Cermak <mcermak@redhat.com> - 5.4-2
+- Fix RHEL-132057
+
 * Fri Oct 31 2025 Frank Ch. Eigler <fche@redhat.com> - 5.4-1
 - Upstream release, see wiki page below for detailed notes.
  https://sourceware.org/systemtap/wiki/SystemTapReleases