https://bugzilla.altlinux.org/show_bug.cgi?id=17718 suggests that the intended configuration of permissions for klogd be checked in a working system. The "configuration" is the relation between the dedicated user "klogd", his primary group (stored in /etc/passwd), the group named "klogd" (stored in /etc/groups) and the permissions on the working directory (/var/lib/klogd/...).
The situation reported in https://bugzilla.altlinux.org/show_bug.cgi?id=17250 was caused by a typo in /etc/passwd which had lead to an inconsistency between /etc/passwd and /etc/group.
This inconsistency could have been formally discovered.
This feature request suggests there could be a general mechanism for this in the system (and it could be employed, say, on every startup of a service, or after the administrator edited something).
Now the intended configuration is expressed in an imperative way by the commands in the RPM preinstall script:
# rpm -q klogd --scripts
preinstall scriptlet (through /bin/sh):
/usr/sbin/groupadd -r -f klogd
/usr/sbin/useradd -r -g klogd -d /dev/null -s /dev/null -n klogd >/dev/null 2>&1 ||:
but this intention could be installed as a declarative policy ("the primary gid of user klogd is the group with name klogd"). Then this policy could be checked any time.
(And such a check would discover my typo.)
A simplified approximation to such checks (on package upgrades): https://bugzilla.altlinux.org/show_bug.cgi?id=17720 .
tracked at https://bugs.launchpad.net/rpm/+bug/910889