Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-7486

useradd provider silently does not set password

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: PUP 4.7.0
    • Fix Version/s: None
    • Component/s: Types and Providers
    • Environment:

      OS: linux
      Platform: puppet installed as gem and no libshadow

    • Template:
    • Acceptance Criteria:
      Hide

      The client should emit an error, perhaps halt the puppet run, informing the operator that libshadow is missing if the manifest specified a password.

      Show
      The client should emit an error, perhaps halt the puppet run, informing the operator that libshadow is missing if the manifest specified a password.
    • Team:
      Platform OS
    • QA Risk Assessment:
      Needs Assessment

      Description

      Issue

      When libshadow is not present on a client, the agent will silently not set the password for a user. In this case silence is not golden because a system can become insecure (e.g. rotating root passwords) and there is no report of the failure to update the password.

      Repro

      Dockerfile:

      FROM centos:7
       
      RUN rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm && \
          yum install -y puppet-3.8.7
      

      run.sh:

      #!/bin/bash
       
      echo "==> Setting password for bob to 'alice'..."
      puppet apply -tv --execute "user {'bob': password => 'alice', }"
      grep bob /etc/shadow
      echo
       
      rpm --nodeps --erase ruby-shadow
      echo "==> Setting password for bob to 'robert'..."
      puppet apply -tv --execute "user {'bob': password => 'robert', }"
      grep bob /etc/shadow
      

      $ docker run --rm -t -v $PWD/run.sh:/run.sh puppet /run.sh
      ==> Setting password for bob to 'alice'...
      Notice: Compiled catalog for b2a735570f73.local in environment production in 0.16 seconds
      Info: Applying configuration version '1493591675'
      Notice: /Stage[main]/Main/User[bob]/ensure: created
      Info: Creating state file /var/lib/puppet/state/state.yaml
      Notice: Finished catalog run in 0.50 seconds
      bob:alice:17286:0:99999:7:::
       
      ==> Setting password for bob to 'robert'...
      Notice: Compiled catalog for b2a735570f73.local in environment production in 0.15 seconds
      Info: Applying configuration version '1493591678'
      Notice: Finished catalog run in 0.04 seconds
      bob:alice:17286:0:99999:7:::
      

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                Unassigned
                Reporter:
                cloakedcode Alan Smith
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 days
                  2d
                  Remaining:
                  Remaining Estimate - 2 days
                  2d
                  Logged:
                  Time Spent - Not Specified
                  Not Specified