Project

General

Profile

Actions

Bug #2552

closed

(ex PT/ Technique) User Management: If a user is defined to be checked and with password defined too, the password of this user will be redefined

Added by Nicolas PERRON over 12 years ago. Updated almost 10 years ago.

Status:
Released
Priority:
1 (highest)
Assignee:
-
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

A user with this properties:
  • Login name for this account: userQA1
  • Password for this account (optional): somePassword
  • Policy to apply on this account: Check only (account should exist) or Check only (account should not exist)

will redefine its password (only if he exist):

[root@centos-6-64 ~]# grep 'userQA1' /etc/passwd
userQA1:x:6001:6001::/home/userQA1:/bin/bash
[root@centos-6-64 ~]# /var/rudder/cfengine-community/bin/cf-agent -KI -b check_usergroup_user_parameters
 !! Duplicate selection of value for variable "execRun" in scope g
 !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
 !! Duplicate selection of value for variable "execRun" in scope g
 !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
 >> Using command line specified bundlesequence
 -> Executing '/bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1' ...(timeout=-678,owner=-1,group=-1)
Q: ".../bin/echo -e "s": New password: Retype new password: Changing password for user userQA1.
Q: ".../bin/echo -e "s": passwd: all authentication tokens updated successfully.
I: Last 2 quoted lines were generated by promiser "/bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1" 
 -> Completed execution of /bin/echo -e "somePassword\nsomePassword" | /usr/bin/passwd userQA1
R: @@userGroupManagement@@result_success@@50d28030-4e21-4c47-8b9b-fe0c4b39e405@@b887d02f-12ea-4dc9-96d5-563fc4b5bfbc@@28@@Users@@userQA1@@2012-06-07 17:53:05+02:00##06da3556-5204-4bd7-b3b0-fa5e7bcfbbea@#The user userQA1 ( Without any defined full name ) is present on the system, which is in conformance with the presence policy
[root@centos-6-64 ~]# 

the same with a user which doesn't exist: userQA2

[root@centos-6-64 ~]# grep 'userQA2' /etc/passwd
[root@centos-6-64 ~]# /var/rudder/cfengine-community/bin/cf-agent -KI -b check_usergroup_user_parameters
 !! Duplicate selection of value for variable "execRun" in scope g
 !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
 !! Duplicate selection of value for variable "execRun" in scope g
 !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
 >> Using command line specified bundlesequence
R: @@userGroupManagement@@log_warn@@50d28030-4e21-4c47-8b9b-fe0c4b39e405@@b887d02f-12ea-4dc9-96d5-563fc4b5bfbc@@29@@Users@@userQA2@@2012-06-07 17:54:41+02:00##06da3556-5204-4bd7-b3b0-fa5e7bcfbbea@#The user userQA2 ( Without any defined full name ) is not present on the system, which violates the presence policy
[root@centos-6-64 ~]#

Actions

Also available in: Atom PDF