Why is the "Bad owner/group" error necessary?

Jay Hendren jay.hendren at Colorado.EDU
Wed Apr 15 19:11:19 UTC 2015

Hey folks,

I've cross-posted this same question to the RPM GitHub issue tracker (https://github.com/rpm-software-management/rpm/issues/2), but given that there appears to be very little activity in that issue tracker, I thought it would be prudent to post to the mailing list as well.  My apologies if I'm not using the right communications channels.  Anyway, here is my question, reprinted from the above link:

I've been working on a automated rpm build system for my organization (similar to mock, but with some key differences). One problem I've been running into is that the uid and/or gids that own the spec files and source files won't always correspond to a user within the build environment. This causes rpmbuild to throw a "Bad owner/group" error and quit without building. This error is frustrating because it's thrown even if the user running the build has read access to the spec and source files and write access to the build, buildroot etc. directories.

After poking through the source for rpmbuild, I didn't see any reason why the uid/gid mapping needs to be checked (it looks like it's checked once during prep and once again when the rpms are packed), so I patched out the checks that were throwing the error in question and rebuilt rpmbuild. I tested my patched rpmbuild in environments with good uid/gid mappings and bad uid/gid mappings and it seems to build just fine in both cases. As long as rpmbuild has the access it needs at the filesystem level, it doesn't seem to have any issues.

Here is the patch for the changes I made to the source. I'm not a C programmer and I don't completely understand what's going on in files.c (which is why I'm not submitting a pull request), but the changes seem to be harmless as far as I can tell:

diff -uNr rpm-4.11.1/build/files.c rpm-4.11.1.new/build/files.c
--- rpm-4.11.1/build/files.c    2013-06-10 09:55:10.000000000 -0600
+++ rpm-4.11.1.new/build/files.c    2015-04-10 13:46:41.056521885 -0600
@@ -2052,10 +2052,13 @@
        flp->gname = rpmugStashStr(rpmugGname(flp->fl_gid));
    flp->langs = xstrdup("");
-   if (! (flp->uname && flp->gname)) {
-       rpmlog(RPMLOG_ERR, _("Bad owner/group: %s\n"), diskPath);
-       fl.processingFailed = 1;
+   if (! flp->uname) {
+       flp->uname = "";
+   }
+   if (! flp->gname) {
+       flp->gname = "";

diff -uNr rpm-4.11.1/build/parsePrep.c rpm-4.11.1.new/build/parsePrep.c
--- rpm-4.11.1/build/parsePrep.c    2012-11-18 01:21:06.000000000 -0700
+++ rpm-4.11.1.new/build/parsePrep.c    2015-04-10 11:16:28.217096498 -0600
@@ -29,10 +29,6 @@
        urlfn, strerror(errno));
    return RPMRC_FAIL;
-   if (!rpmugUname(sb.st_uid) || !rpmugGname(sb.st_gid)) {
-      rpmlog(RPMLOG_ERR, _("Bad owner/group: %s\n"), urlfn);
-      return RPMRC_FAIL;
-   }

    return RPMRC_OK;

Why is the "Bad owner/group" error and the checks that throws that error necessary, considering that:

  * it leads to unexpected behavior (rpmbuild quits even if it has the right access to the files and folders it needs to read/write)
  * patching out the check doesn't appear to break rpmbuild



More information about the Rpm-list mailing list