Skip to content

RPM pre-install scriptlet fails to set up knot-resolver user and group correctly #130

New issue
New issue
Open
Open
RPM pre-install scriptlet fails to set up knot-resolver user and group correctly#130
@cyqsimon

Description

@cyqsimon
cyqsimon
opened on Oct 8, 2025

When installing knot-resolver 5.7.6 from EPEL9 on a system for the first time, the scriptlet that is supposed to set up the knot-resolver user and group fails to do so correctly, causing a host of installation problems.

Relevant logs from dnf install -y knot-resolver:

  Running scriptlet: knot-resolver-5.7.6-1.el9.x86_64                                                                            30/31
  Installing       : knot-resolver-5.7.6-1.el9.x86_64                                                                            30/31
warning: user knot-resolver does not exist - using root
warning: group knot-resolver does not exist - using root
warning: user knot-resolver does not exist - using root
warning: group knot-resolver does not exist - using root
warning: user knot-resolver does not exist - using root
warning: group knot-resolver does not exist - using root

  Running scriptlet: knot-resolver-5.7.6-1.el9.x86_64                                                                            30/31
/usr/lib/tmpfiles.d/knot-resolver.conf:4: Failed to resolve user 'knot-resolver': No such process
/usr/lib/tmpfiles.d/knot-resolver.conf:5: Failed to resolve user 'knot-resolver': No such process
/usr/lib/tmpfiles.d/knot-resolver.conf:6: Failed to resolve user 'knot-resolver': No such process

systemctl start [email protected] will then fail due to multiple file permission related errors.

To reproduce

The easiest way is to use a container. The same problem exists on full, physical hosts too.

# enter a fresh container
podman run --rm -it rockylinux:9 bash
# install knot-resolver; observe errors during installation
dnf install -y epel-release && dnf install -y [email protected]
# observe that the knot-resolver user and group have not been added correctly
grep knot-resolver /etc/{passwd,group}
# start knot-resolver and observe failures
systemctl start [email protected] && journalctl -u [email protected]

A workaround

Currently it is possible to get a working installation with the following procedure:

  1. Install knot-resolver.
  2. Start the service with systemctl start [email protected] and let it fail. Systemd will create the knot-resolver user and group as declared in the service unit.
  3. Uninstall knot-resolver.
  4. Install knot-resolver again. This time there won't be file permissions because the the knot-resolver user and group exist.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions