A simplification of https://bugzilla.altlinux.org/show_bug.cgi?id=17719 :

The RPM preinstall script:

# rpm -q klogd --scripts 
preinstall scriptlet (through /bin/sh):
/usr/sbin/groupadd -r -f klogd
/usr/sbin/useradd -r -g klogd -d /dev/null -s /dev/null -n klogd >/dev/null 2>&1 ||:

expresses the intended configuration:

"the primary gid of user klogd is the group with name klogd".

I suggest an option to useradd that would be analoguous to "groupadd -f" and would check if the existing user is compatible with what is requested in the command.

The manual on "groupadd -f":

       -f     This is force flag.  This will stop  groupadd  exit  with  error
              when  the  group about to be added already exists on the system.
              If that is the case, the group won't be altered (or added again,
              for that matter).

The suggested option "useradd -F":

      -F     This is force flag.  This will stop  useradd  exit  with  error
              when  the  user about to be added already exists on the system.
              If that is the case, the user won't be altered (or added again,
              for that matter). But if "-g GROUP" option was specified, a compatibility check will be performed: useradd will exit with error if the requested group named GROUP doesn't denote (per /etc/group) the primary gid of the existing user.

Then the RPM script could be re-written as:

preinstall scriptlet (through /bin/sh):
/usr/sbin/groupadd -r -f klogd
/usr/sbin/useradd -r -F -g klogd -d /dev/null -s /dev/null -n klogd

When updating the package, it would finish successfully if the user already exists, but it would detect inconsistent /etc/passwd+/etc/group and report it. 

Such a script would have detected the error caused by a typo in /etc/passwd , which is described in https://bugzilla.altlinux.org/show_bug.cgi?id=17250#c11 .