Steps to reproduce:

1. Prior to update have zabbix-agent-3.4.12-1.el7.x86_64 installed, can see in the rpm verify settings tmpfiles.d/zabbix-agent.conf is not tagged as a config file

$ rpm -V zabbix-agent
S.5....T. c /etc/logrotate.d/zabbix-agent
S.5....T. c /etc/zabbix/zabbix_agentd.conf
..5....T. /usr/lib/tmpfiles.d/zabbix-agent.conf
.....UG.. /var/log/zabbix
.M....... /var/run/zabbix

Contents of the tmpfiles.d/zabbix-agent.conf file has settings for /var/run/ to be 777 so service account can write to it after reboot.

$ cat /usr/lib/tmpfiles.d/zabbix-agent.conf
d /run/zabbix 0777 zabbix zabbix - -

2. run "yum update zabbix-agent"

Result:

Contents of the tmpfiles.d/zabbix-agent.conf get set back to default.

$ cat /usr/lib/tmpfiles.d/zabbix-agent.conf
d /run/zabbix 0755 zabbix zabbix - -

and permissions on /var/run/zabbix changed to 0755

$ ls -ld /var/run/zabbix
drwxr-xr-x. 2 zabbix zabbix 40 Oct 12 18:11 /var/run/zabbix

so the service account being used can not write to /var/run/zabbix and agent fails to start.

Expected:

 The yum update of zabbix-agent would not overwrite the contents of /usr/lib/tmpfiles.d/zabbix-agent.conf.

We need this as company policy won't allow us to use the default zabbix user, and after a yum update the service account can no longer start zabbix, without updating the tmpfiles.d config and permissions on /var/run/zabbix.

Thanks