The area under suspicion appears to work when run by hand but the install script still fails. ---> $ su -l root Password: [root at xen01 ~]# which useradd /usr/sbin/useradd [root at xen01 ~]# which nologin /sbin/nologin [root at xen01 ~]# ll /dev/null crw-rw-rw- 1 root root 1, 3 Nov 16 13:09 /dev/null [root at xen01 ~]# /usr/sbin/useradd -c "Privilege-separated SSH" -u 74 \ > -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null [root at xen01 ~]# yum update openssh-server Setting up Update Process Setting up repositories dag 100% |=========================| 1.1 kB 00:00 centos-test 100% |=========================| 951 B 00:00 update 100% |=========================| 951 B 00:00 base 100% |=========================| 1.1 kB 00:00 centosplus 100% |=========================| 951 B 00:00 addons 100% |=========================| 951 B 00:00 extras 100% |=========================| 1.1 kB 00:00 Reading repository metadata in from local files primary.xml.gz 100% |=========================| 1.2 MB 00:25 dag : ################################################## 5217/5217 Added 5 new packages, deleted 13 old in 8.25 seconds Reducing Dag Wieers RPM Repository for Red Hat Enterprise Linux to included packages only Finished Reducing CentOS-4 Testing to included packages only Finished Reducing CentOS-4 - Plus to included packages only Finished Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Package openssh-server.i386 0:3.9p1-8.RHEL4.17.1 set to be updated --> Running transaction check Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Updating: openssh-server i386 3.9p1-8.RHEL4.17.1 update 208 k Transaction Summary ============================================================================= Install 0 Package(s) Update 1 Package(s) Remove 0 Package(s) Total download size: 208 k Is this ok [y/N]: y Downloading Packages: Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction error: %pre(openssh-server-3.9p1-8.RHEL4.17.1.i386) scriptlet failed, exit status 255 error: install: %pre scriptlet failed (2), skipping openssh-server-3.9p1-8.RHEL4.17.1 Updated: openssh-server.i386 0:3.9p1-8.RHEL4.17.1 Complete <--- I have my doubts about this part of the pre-install script, however my skills are certainly far inferior to the task of deciphering this: ---> # FIXME: What an unmaintainable mess. ;o) There almost has to be a cleaner # way of doing this. If not, it needs to be figured out and documented to # avoid confusion. use_unix= for config in /etc/X11/xorg.conf /etc/X11/XF86Config /etc/X11/XF86Config-4 ; do if [ -f $config ] && grep -q "unix/:" $config &> /dev/null; then use_unix=1 fi if [ -f $config ] && grep -q "unix/:-1" $config &> /dev/null; then rm -f $config.new $config.rpmsave sed "s#unix/:-1#unix/:7100#g" $config > $config.new cp -f $config $config.rpmsave cat $config.new > $config rm -f $config.new fi if [ -f $config ] && grep -q "unix/:" $config &> /dev/null && \ grep -q "/usr/X11R6/lib/X11/fonts/TrueType" $config &> /dev/null ; then \ sed "s|FontPath[ ]*\"/usr/X11R6/lib/X11/fonts/TrueType\"|#FontPath \"/usr/X11R6/lib/X11/fonts/TrueType\"|g" $config > $config.new cat $config.new > $config rm -f $config.new fi done # If the font server config is using UNIX sockets, disable TCP listen by default if [ -n "$use_unix" ] && ! grep -q "no-listen" /etc/X11/fs/config &> /dev/null;then echo -e "# don't listen on tcp by default\nno-listen = tcp\n" >> /etc/X11/fs/config fi } <--- -- James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3