Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
PUP 7.4.0, PUP 6.21.0
-
None
-
Needs Assessment
-
Bug Fix
-
Fix an issue where Puppet would fail applying user resources with forcelocal if there are empty lines in /etc/group
-
Needs Assessment
Description
Puppet Version: 7.4.0 and 6.21.0 (and later)
Puppet Server Version: Masterless to demonstrate issue
OS Name/Version: CentOS 7
A user resource with forcelocal => true and groups attributes set will fail if /etc/group contains any empty/blank lines
# egrep -n '^$|testuser' /etc/passwd /etc/group
|
/etc/passwd:24:testuser:x:1001:1001:testuser:/home/testuser:/bin/bash |
/etc/group:41:centos:x:1000:testuser |
/etc/group:42:testuser:x:1001: |
/etc/group:43: |
# grpck -r
|
invalid group file entry |
delete line ''? No |
grpck: no changes
|
# bundle exec puppet apply -e "user { 'testuser': groups => ['centos'], forcelocal => true}"
|
Notice: Compiled catalog for [redacted] in environment production in 0.02 seconds |
Error: undefined method `split' for nil:NilClass |
# |
This is due to this line in localgroup method added for PUP-10857 in puppet 6.21.0 / puppet 7.4.0 and later
This does not occur in puppet 6.19.1 and earlier (example output from 6.16 agent)
# puppet --version
|
6.16.0
|
# puppet apply -e "user { 'testuser': groups => ['centos'], forcelocal => true}"
|
Notice: Compiled catalog for [redacted] in environment production in 0.04 seconds |
Notice: Applied catalog in 0.06 seconds |
# |
While empty lines in /etc/group are technically not valid configuration, the behaviour change is difficult to diagnose as it occurs when the catalog is applied/enforced, and does not return much detail in the error.
Desired Behavior:
Ideally do not fail when empty lines are encountered, or at least output more detailed failure message.
Actual Behavior:
Error: undefined method `split' for nil:NilClass |
