  1. Puppet
  2. PUP-1294

The 'forcelocal' parameter for the 'user' resource still performs NSS lookups for certain subkeys


Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Won't Fix
    • Needs Priority

    Description

      I have a particular configuration where a custom NSS plugin intercepts getent passwd calls and replaces the login shell with a new shell. In this situation, using the standard 'user' resource causes a false-positive for Puppet where it thinks the shell is configured as this new value, but it should be set to the value specified in the manifest. Unfortunately, setting 'forcelocal' to 'true' does not appear to solve the issue. I did a little looking through the code, and as far as I can tell, only certain specific subkeys (uid, gid, etc.) utilize the 'forcelocal' parameter (and the login shell is unfortunately not one of them).

      If 'forcelocal' does not support certain keys then (IMO) either:

      1. The documentation should be updated to explicitly list the supported keys
      2. The behavior should change so that all of the keys are supported.
      3. The login shell key is made compatible with 'forcelocal', and #1 is done to boot for the remaining keys to avoid future confusion about this issue

      Right now this is not a huge blocker, but it's requiring me to avoid validating the local settings for login shells wherever this custom NSS module is being used.

      As a side note, my 'libuser' Puppet feature appears to be loading correctly (which is a prereq for 'forcelocal')
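
An added example, not part of the ticket or of Puppet's own code: a Ruby check that compares each entry in the local passwd file with what the system resolver (NSS, through Ruby's `Etc.getpwnam`) returns, so accounts whose fields are rewritten by a plugin like the one described above can be listed. The function names and the sample data are assumptions made for illustration; local accounts are assumed to live in `/etc/passwd`.

```ruby
require 'etc'

PASSWD_FIELDS = %i[name passwd uid gid gecos dir shell].freeze

# Parse passwd(5) text into { "name" => { field => value } }, skipping comments,
# NIS compat entries (+/-) and lines that are malformed or have non-numeric ids.
def parse_passwd(text)
  text.each_line.with_object({}) do |line, users|
    parts = line.chomp.split(':', -1)
    next if line.start_with?('#', '+', '-') || parts.size != PASSWD_FIELDS.size
    next unless parts[2].match?(/\A\d+\z/) && parts[3].match?(/\A\d+\z/)
    entry = PASSWD_FIELDS.zip(parts).to_h
    users[entry[:name]] = entry.merge(uid: parts[2].to_i, gid: parts[3].to_i)
  end
end

# The resolver's (NSS) view of one account, or nil if it does not know the name.
def nss_entry(name)
  pw = Etc.getpwnam(name)
  { name: pw.name, uid: pw.uid, gid: pw.gid, gecos: pw.gecos, dir: pw.dir, shell: pw.shell }
rescue ArgumentError
  nil
end

# Fields on which the local file and the resolver disagree, per account:
# { "user" => { shell: { local: "...", nss: "..." } } }. Unresolvable names are skipped.
def nss_drift(local_users, fields: %i[uid gid gecos dir shell], lookup: method(:nss_entry))
  local_users.each_with_object({}) do |(name, local), report|
    next unless (seen = lookup.call(name))
    diff = fields.reject { |f| local[f] == seen[f] }
    report[name] = diff.to_h { |f| [f, { local: local[f], nss: seen[f] }] } unless diff.empty?
  end
end

# Constructed sample data (not from the ticket): the resolver rewrites alice's shell.
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  alice:x:1001:1001:Alice:/home/alice:/bin/bash
PASSWD
SAMPLE_NSS = {
  'root' => { name: 'root', uid: 0, gid: 0, gecos: 'root', dir: '/root', shell: '/bin/bash' },
  'alice' => { name: 'alice', uid: 1001, gid: 1001, gecos: 'Alice', dir: '/home/alice', shell: '/opt/wrap/sh' }
}.freeze

if __FILE__ == $PROGRAM_NAME && File.readable?('/etc/passwd')
  nss_drift(parse_passwd(File.read('/etc/passwd'))).each do |user, diff|
    diff.each { |f, v| puts "#{user}: #{f} local=#{v[:local].inspect} nss=#{v[:nss].inspect}" }
  end
end
```

Run on a host as-is, it prints one line per field where `/etc/passwd` and the resolver differ; pass `lookup:` a lambda to check against captured data instead of the live resolver.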

            People

              Unassigned
              redmine.exporter