Bug #2552
closed
(ex PT/ Technique) User Management: If a user is defined to be checked and with password defined too, the password of this user will be redefined
Description
- Login name for this account: userQA1
- Password for this account (optional): somePassword
- Policy to apply on this account: Check only (account should exist) or Check only (account should not exist)
will redefine its password (only if he exist):
[root@centos-6-64 ~]# grep 'userQA1' /etc/passwd userQA1:x:6001:6001::/home/userQA1:/bin/bash [root@centos-6-64 ~]# /var/rudder/cfengine-community/bin/cf-agent -KI -b check_usergroup_user_parameters !! Duplicate selection of value for variable "execRun" in scope g !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58 !! Duplicate selection of value for variable "execRun" in scope g !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58 >> Using command line specified bundlesequence -> Executing '/bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1' ...(timeout=-678,owner=-1,group=-1) Q: ".../bin/echo -e "s": New password: Retype new password: Changing password for user userQA1. Q: ".../bin/echo -e "s": passwd: all authentication tokens updated successfully. I: Last 2 quoted lines were generated by promiser "/bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1" -> Completed execution of /bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1 R: @@userGroupManagement@@result_success@@50d28030-4e21-4c47-8b9b-fe0c4b39e405@@b887d02f-12ea-4dc9-96d5-563fc4b5bfbc@@28@@Users@@userQA1@@2012-06-07 17:53:05+02:00##06da3556-5204-4bd7-b3b0-fa5e7bcfbbea@#The user userQA1 ( Without any defined full name ) is present on the system, which is in conformance with the presence policy [root@centos-6-64 ~]#
the same with a user which doesn't exist: userQA2
[root@centos-6-64 ~]# grep 'userQA2' /etc/passwd [root@centos-6-64 ~]# /var/rudder/cfengine-community/bin/cf-agent -KI -b check_usergroup_user_parameters !! Duplicate selection of value for variable "execRun" in scope g !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58 !! Duplicate selection of value for variable "execRun" in scope g !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58 >> Using command line specified bundlesequence R: @@userGroupManagement@@log_warn@@50d28030-4e21-4c47-8b9b-fe0c4b39e405@@b887d02f-12ea-4dc9-96d5-563fc4b5bfbc@@29@@Users@@userQA2@@2012-06-07 17:54:41+02:00##06da3556-5204-4bd7-b3b0-fa5e7bcfbbea@#The user userQA2 ( Without any defined full name ) is not present on the system, which violates the presence policy [root@centos-6-64 ~]#
Updated by Nicolas PERRON almost 12 years ago
- Status changed from New to Pending technical review
- % Done changed from 0 to 100
Applied in changeset commit:bc53667495e66c049c6d4ea099599cd486a54c2a.
Updated by Nicolas CHARLES almost 12 years ago
- Status changed from Pending technical review to Discussion
- % Done changed from 100 to 90
I'm not 100% sure about this.
The form of the directive seems to imply that "checking the account" and "checking the password" are independant (or nearly). I really would expect that if I select to check the password eveerytime, it is indeed checked everytime, and not only if I create/update the user fullname or bash
Jon, do you have any advices on this one ?
Updated by Jonathan CLARKE almost 12 years ago
- Target version changed from 2.3.8 to 2.3.9
Updated by Nicolas PERRON over 11 years ago
Nicolas CHARLES wrote:
I'm not 100% sure about this.
The form of the directive seems to imply that "checking the account" and "checking the password" are independant (or nearly). I really would expect that if I select to check the password eveerytime, it is indeed checked everytime, and not only if I create/update the user fullname or bashJon, do you have any advices on this one ?
What should we do ? I'm not sure that changing the whole behaviour of this PT/Technique is the purpose of this issue. May be another ticket would be better if you think that a change should be made. It will permit us to close this issue. Do you agree ?
Updated by Jonathan CLARKE over 11 years ago
Nicolas PERRON wrote:
Nicolas CHARLES wrote:
I'm not 100% sure about this.
The form of the directive seems to imply that "checking the account" and "checking the password" are independant (or nearly). I really would expect that if I select to check the password eveerytime, it is indeed checked everytime, and not only if I create/update the user fullname or bashJon, do you have any advices on this one ?
What should we do ? I'm not sure that changing the whole behaviour of this PT/Technique is the purpose of this issue. May be another ticket would be better if you think that a change should be made. It will permit us to close this issue. Do you agree ?
Agreed. This ticket should be closed.
However, the behaviour described by Nicolas Charles above is what should be implemented - anything else is a bug. Please open a new ticket for this bug.
Updated by Nicolas PERRON over 11 years ago
Jonathan CLARKE wrote:
Nicolas PERRON wrote:
Nicolas CHARLES wrote:
I'm not 100% sure about this.
The form of the directive seems to imply that "checking the account" and "checking the password" are independant (or nearly). I really would expect that if I select to check the password eveerytime, it is indeed checked everytime, and not only if I create/update the user fullname or bashJon, do you have any advices on this one ?
What should we do ? I'm not sure that changing the whole behaviour of this PT/Technique is the purpose of this issue. May be another ticket would be better if you think that a change should be made. It will permit us to close this issue. Do you agree ?
Agreed. This ticket should be closed.
However, the behaviour described by Nicolas Charles above is what should be implemented - anything else is a bug. Please open a new ticket for this bug.
A new issue has been opened here: #2889. I suppose we can close this one ?
Updated by Nicolas PERRON over 11 years ago
- Assignee changed from Nicolas PERRON to Jonathan CLARKE
Updated by Nicolas CHARLES over 11 years ago
- Status changed from Discussion to Pending technical review
- % Done changed from 90 to 100
Ok, i'm closing this ticket then
Updated by Nicolas CHARLES over 11 years ago
- Status changed from Pending technical review to Released
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.3.9 to 2.3.10
This ticket has been implemented in 2.3.10
Updated by Jonathan CLARKE over 11 years ago
- Status changed from Released to Pending release
Updated by Jonathan CLARKE over 11 years ago
- Assignee deleted (
Jonathan CLARKE)
Updated by Jonathan CLARKE about 11 years ago
- Project changed from Rudder to 24
- Category deleted (
Techniques)
Updated by Nicolas PERRON about 11 years ago
- Status changed from Pending release to Released
Updated by Benoît PECCATTE about 9 years ago
- Project changed from 24 to Rudder
- Category set to Techniques