Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6285

Puppet fails to restore a group key value for Mac OS X



    • Bug
    • Status: Accepted
    • Major
    • Resolution: Unresolved
    • PUP 4.4.2
    • None
    • None
    • Latest version of puppetserver running on Ubuntu 14.04 LTS with PuppetDB in monolithic install
      Puppet agent on Mac OS X Yosemite 10.10.5 installed from puppet-agent-1.4.2-1-osx10.10.dmg

    • Night's Watch


      On the Mac using System Preferences Users & Groups, created a new Administrative user named testadmin

      Then ran $ sudo -i puppet resource user testadmin and got the following output

        user { 'testadmin':
          ensure     => 'present',
          comment    => 'Test Administrator',
          gid        => '20',
          groups     => ['_appserveradm', '_appserverusr', '_lpadmin', 'admin', 'com.apple.sharepoint.group.2'],
          home       => '/Users/testadmin',
          iterations => '20120',
          password   => '75e29e8646edcbef84d736f8848397385acb7dab511be3dae0a21ceaeda2022222eabb6dc24fb21b81564a1bcf2bba75947830f11f1c71582242fa9e92f71c1e586c054ef333d3f78c1ffd25bbc2a6269a0e3b0a1b03976c88068e9dc2405aa862f2378bb183d6ff9f0bd81e024db1babe29ebaa838aa850fddfa34ed152ec78',
          salt       => 'b922ab2d6c2afbf6bb1bd0fa27b6e08768e8b90cdb15d4362216a0bd897f1d20',
          shell      => '/bin/bash',
          uid        => '503',

      This was entered into site.pp for the particular Mac node.

      At this point, using System Preferences Users & Groups, deleted the user testadmin while preserving the home directory /Users/testadmin

      Then on the Mac ran $ sudo -i puppet agent --test --debug --trace > puppetrun.txt 2>&1

      The user testadmin was only incompletely restored. The group name com.apple.sharepoint.group.2 cause an error that also prevented password, salt, and iterations from being reset correctly. If I remove the group name com.apple.sharepoint.group.2 from the manifest site.pp, the user testadmin restores correctly with the correct password.

      The file puppetrun.txt is attached.

      Also note, the patches to the files plist.rb and directoryservice.rb from ticket PUP-6159 were taken from github and applied to the Mac node, which is why password, salt, and iterations restore correctly. Otherwise, the test of deleting a Mac user and restoring its groups would have been confounded by that known issue.


        Issue Links



              Unassigned Unassigned
              stpierre David M. St. Pierre
              0 Vote for this issue
              4 Start watching this issue



                Zendesk Support