Bug #6005
User type cannot handle project property
| Status: | Accepted | Start date: | 01/25/2011 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | user | |||
| Target version: | 2.7.x | |||
| Affected Puppet version: | Branch: | |||
| Keywords: | ||||
| Votes: | 0 |
Description
The user resource has a »project« property that is supposed to set the defaultproject for a user in /etc/user_attr. This doesnt work.
What you need to reproduce the bug
- Solaris (testet on Solaris 5.10 Intel CPU)
- a project that is present in /etc/project
testproj:4503::::
- a simple manifest like this
user { "testuser":
project => "testproj",
ensure => present,
}
Now lets run puppet
debug: User[testuser](provider=user_role_add): Executing '/usr/sbin/useradd -p testproj testuser' notice: /Stage[main]//User[testuser]/ensure: created
Unfortunately useradd -p and usermod -p only add the user in the allowed users list in etc/project. The project now looks like this
testproj:4503::testuser::
However, no entry is created in /etc/user_attr and running projects -d testuser that will print out the default project for the testusers still says default (default is a project that should be present on every Solaris host). So puppet running useradd -p (same is true for usermod -p)
- is not what I want/expect
- is not what puppet checks agains
On any following puppet run, puppet now claims that the user has no default project:
debug: User[testuser](provider=user_role_add): Executing '/usr/sbin/usermod -p testproj testuser' notice: /Stage[main]//User[testuser]/project: project changed '' to 'testproj'
Possible solution
To change the defaultproject one can run usermod -K project=testproj testuser. This will update the entry in /etc/user_attr that will now look like this:
testuser::::type=normal;project=testproj
Puppet will now report that the project property is in sync.
Drawback
I dont know a command that will erease the project entry.
usermod -p testuser # the above erases the user in /etc/project but doesnt remove the user_attr entry usermod -K 'project' testuser UX: usermod: ERROR: Missing value specification. usermod -K 'project=' testuser UX: usermod: ERROR: is not a valid project name. Choose another. usermod -K 'project=""' testuser UX: usermod: ERROR: "" is not a valid project name. Choose another.
It is important that we can erase the project entry because if there is none, the default will be
a) a project that is called user.testuser if there a project with that name
b) a project that is called group.some_group_testuser_is_in if there is project with that name
c) the project called default
If we want this implicit project assignment we have to be able to erase the project from the /etc/user_attr entry.
Possible solution 2¶
Use a parsedfile provider to update /etc/user_attr. That’s what I’m doing right now.
History
Updated by Stefan Schulte over 1 year ago
- Category set to user
Updated by Nigel Kersten over 1 year ago
- Status changed from Unreviewed to Accepted
- Target version set to 2.6.x
Updated by James Turnbull over 1 year ago
- Target version changed from 2.6.x to 2.6.6
Updated by James Turnbull about 1 year ago
- Target version changed from 2.6.6 to 2.6.x
Updated by Michael Stahnke 4 months ago
- Target version changed from 2.6.x to 2.7.x
2.6.x is closed. Moving to 2.7.x