Project

General

Profile

Actions

Bug #2552

closed

(ex PT/ Technique) User Management: If a user is defined to be checked and with password defined too, the password of this user will be redefined

Added by Nicolas PERRON almost 12 years ago. Updated about 9 years ago.

Status:
Released
Priority:
1
Assignee:
-
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

A user with this properties:
  • Login name for this account: userQA1
  • Password for this account (optional): somePassword
  • Policy to apply on this account: Check only (account should exist) or Check only (account should not exist)

will redefine its password (only if he exist):

[root@centos-6-64 ~]# grep 'userQA1' /etc/passwd
userQA1:x:6001:6001::/home/userQA1:/bin/bash
[root@centos-6-64 ~]# /var/rudder/cfengine-community/bin/cf-agent -KI -b check_usergroup_user_parameters
 !! Duplicate selection of value for variable "execRun" in scope g
 !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
 !! Duplicate selection of value for variable "execRun" in scope g
 !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
 >> Using command line specified bundlesequence
 -> Executing '/bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1' ...(timeout=-678,owner=-1,group=-1)
Q: ".../bin/echo -e "s": New password: Retype new password: Changing password for user userQA1.
Q: ".../bin/echo -e "s": passwd: all authentication tokens updated successfully.
I: Last 2 quoted lines were generated by promiser "/bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1" 
 -> Completed execution of /bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1
R: @@userGroupManagement@@result_success@@50d28030-4e21-4c47-8b9b-fe0c4b39e405@@b887d02f-12ea-4dc9-96d5-563fc4b5bfbc@@28@@Users@@userQA1@@2012-06-07 17:53:05+02:00##06da3556-5204-4bd7-b3b0-fa5e7bcfbbea@#The user userQA1 ( Without any defined full name ) is present on the system, which is in conformance with the presence policy
[root@centos-6-64 ~]# 

the same with a user which doesn't exist: userQA2

[root@centos-6-64 ~]# grep 'userQA2' /etc/passwd
[root@centos-6-64 ~]# /var/rudder/cfengine-community/bin/cf-agent -KI -b check_usergroup_user_parameters
 !! Duplicate selection of value for variable "execRun" in scope g
 !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
 !! Duplicate selection of value for variable "execRun" in scope g
 !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
 >> Using command line specified bundlesequence
R: @@userGroupManagement@@log_warn@@50d28030-4e21-4c47-8b9b-fe0c4b39e405@@b887d02f-12ea-4dc9-96d5-563fc4b5bfbc@@29@@Users@@userQA2@@2012-06-07 17:54:41+02:00##06da3556-5204-4bd7-b3b0-fa5e7bcfbbea@#The user userQA2 ( Without any defined full name ) is not present on the system, which violates the presence policy
[root@centos-6-64 ~]#

Actions

Also available in: Atom PDF