Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-2928

Puppet tries to update the group for user when he is listed as its member twice.

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: PUP 5.3.3
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Template:
    • Team:
      Coremunity

      Description

      When a user is found in several nss group backends ralsh shows it as being included into a group more than once and puppet continually tries to remove the user from that group.

      To clarify:

      I have a following resource in my manifest:

      user { 'tomcat7':
        groups  => 'ssl-user',
      }
      

      Until recently everything was just fine but lately the following actions began to appear:

      notice: /Stage[main]/Tomcat/User[tomcat7]/groups: groups changed 'ssl-user,ssl-user' to 'ssl-user'
      

      The reason for that behaviour turned out to be the following line in /etc/nsswitch.conf:

      root@susegrp1:~# cat /etc/nsswitch.conf  | grep group
      group:         files ldap compat
      

      When I remove the line everything returns back to normal way.

      Here is the output of actual state of resource on the system and as seen by puppet:

      root@susegrp1:~# id tomcat7
      uid=108(tomcat7) gid=114(tomcat7) groups=301(ssl-user),114(tomcat7)
       
      root@susegrp1:~# getent group | grep ssl-user
      ssl-user:x:301:tomcat7
      ssl-user:x:301:tomcat7
       
      root@susegrp1:~# ralsh user tomcat7
      warning: User tomcat7 found in both useradd and useradd; skipping the useradd version
      user { 'tomcat7':
        ensure           => 'present',
        gid              => '114',
        groups           => ['ssl-user', 'ssl-user'],
        home             => '/usr/share/tomcat7',
        password         => '*',
        password_max_age => '99999',
        password_min_age => '0',
        shell            => '/bin/false',
        uid              => '108',
      }
      

      I've reproduced this on puppet version 2.7.11-13 and not tested others.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  redmine.exporter redmine.exporter
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated: