Puppet: System Administration Automated

Support

Ticket #1076 (new defect)

Opened 11 months ago

Last modified 9 months ago

Error whilst reducing users' groups to zero.

Reported by: chilli Assigned to: luke
Priority: normal Milestone:
Component: user Version: 0.24.1
Severity: normal Keywords: users groups
Cc: Triage Stage: Needs design decision
Attached Patches: None Complexity: Easy

Description

Two possible problems here, one is that reducing a user's groups to empty ("") doesn't seem to remove users from groups and secondly if a custom gid has been set an illegal usermod command line is formed.

Output with trace: 

notice: Starting catalog run
debug: Loaded state in 0.01 seconds
debug: //Node[scratch.betgenius.local]/User[pinky]: Autorequiring Group[pinky]
debug: //Node[scratch.betgenius.local]/User[pinky]: Autorequiring Group[brain]
debug: //Node[scratch.betgenius.local]/User[pinky]: Changing groups
debug: //Node[scratch.betgenius.local]/User[pinky]: 1 change(s)
debug: User[pinky](provider=useradd): Executing '/usr/sbin/usermod -G ,brain pinky'
/usr/lib/site_ruby/1.8/puppet/provider/nameservice.rb:326:in `set'
/usr/lib/site_ruby/1.8/puppet/provider/nameservice.rb:88:in `groups='
/usr/lib/site_ruby/1.8/puppet/provider/nameservice.rb:88:in `groups='
/usr/lib/site_ruby/1.8/puppet/property.rb:149:in `send'
/usr/lib/site_ruby/1.8/puppet/property.rb:149:in `call_provider'
/usr/lib/site_ruby/1.8/puppet/property.rb:354:in `set'
/usr/lib/site_ruby/1.8/puppet/property.rb:422:in `sync'
/usr/lib/site_ruby/1.8/puppet/propertychange.rb:81:in `go'
/usr/lib/site_ruby/1.8/puppet/propertychange.rb:109:in `forward'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:119:in `apply_changes'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:111:in `collect'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:111:in `apply_changes'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:83:in `apply'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:240:in `eval_resource'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:239:in `thinmark'
/usr/lib/site_ruby/1.8/puppet/util.rb:443:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:342:in `realtime'
/usr/lib/site_ruby/1.8/puppet/util.rb:443:in `thinmark'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:241:in `eval_resource'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:311:in `evaluate'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:310:in `thinmark'
/usr/lib/site_ruby/1.8/puppet/util.rb:443:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:342:in `realtime'
/usr/lib/site_ruby/1.8/puppet/util.rb:443:in `thinmark'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:312:in `evaluate'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:304:in `collect'
/usr/lib/site_ruby/1.8/puppet/transaction.rb:304:in `evaluate'
/usr/lib/site_ruby/1.8/puppet/node/catalog.rb:102:in `apply'
/usr/lib/site_ruby/1.8/puppet/network/client/master.rb:260:in `run'
/usr/lib/site_ruby/1.8/puppet/network/client/master.rb:259:in `benchmark'
/usr/lib/site_ruby/1.8/puppet/util.rb:211:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:342:in `realtime'
/usr/lib/site_ruby/1.8/puppet/util.rb:211:in `benchmark'
/usr/lib/site_ruby/1.8/puppet/network/client/master.rb:259:in `run'
/usr/lib/site_ruby/1.8/puppet/network/client/master.rb:241:in `synchronize'
/usr/lib/site_ruby/1.8/puppet/network/client/master.rb:241:in `run'
/usr/sbin/puppetd:429
err: //Node[scratch.betgenius.local]/User[pinky]/groups: change from brain to ,brain failed: Could not set groups on user[pinky]: Execution of '/usr/sbin/usermod -G ,brain pinky' returned 1536: usermod: unknown group 

debug: Finishing transaction -606431708 with 1 changes
debug: Storing state
debug: Stored state in 0.09 seconds
notice: Finished catalog run in 0.17 seconds

Test case, run once then toggle first_run: 

node test {
       $first_run = true
        if $first_run {
                group {"brain": ensure => present }
                group {"pinky": ensure => present }
                user { "pinky": 
                        gid => "pinky",
                        ensure => present,
                        groups => "brain"
                }
        }
        else {
                group {"brain": ensure => present }
                group {"pinky": ensure => present }
                user { "pinky": 
                        gid => "pinky",
                        ensure => present,
                        groups => ""
                }
        }
}

Change History

02/23/08 00:07:34 changed by jamtur01

What platform is this - OS and version?

02/23/08 05:12:31 changed by jamtur01

  • owner changed from community to luke.
  • complexity changed from Unknown to Easy.
  • stage changed from Unreviewed to Needs design decision.

Okay I know why this happening - the groups attribute doesn't cater for null values - a comma is automatically assigned. Using a null value will also not delete existing groups from a user.

Luke - need your input to determine the correct fix here - is groups => "" correct behaviour or should it throw an error? What is the correct behaviour for removing all groups from a user?

04/24/08 07:18:02 changed by luke

  • component changed from client to user.

Marking #737 as a duplicate.