Bug #26823
open
“Users” standard technique : Fails setting secondary groups when already correct.
Description
The “Users” standard technique fails (only) setting secondary groups when already correct.
- Given a directive that only updates the user when it exists, and only sets a series of secondary groups for the user.
- The directive fails with a funny :
E| error userManagement User secondary groups michel User michel was already in the secondary groups 'uucp,users,games,vboxusers,x2gouser,x2goprint,x2godesktopsharing'. Configuration for user michel could not be repaired
<pre>
- Runnin the agent with "-i" shows :
<pre>
info userManagement User secondary groups michel Secondary group uucp for user michel was correct
info userManagement User secondary groups michel Secondary group users for user michel was correct
2025-04-29T06:22:23+00:00 rudder info: Executing 'no timeout' ... '${paths.usermod} -a -G games michel'
2025-04-29T06:22:23+00:00 error: Finished command related to promiser '${paths.usermod} -a -G games michel' -- an error occurred, returned 127
2025-04-29T06:22:23+00:00 notice: Q: "...s.usermod} -a -": sh: line 1: ${paths.usermod}: bad substitution
2025-04-29T06:22:23+00:00 rudder info: Last 1 quoted lines were generated by promiser '${paths.usermod} -a -G games michel'
2025-04-29T06:22:23+00:00 rudder info: Completed execution of '${paths.usermod} -a -G games michel'
info userManagement User secondary groups michel Execute command ${paths.usermod} -a -G games michel could not be repaired
info userManagement User secondary groups michel Secondary group vboxusers for user michel was correct
info userManagement User secondary groups michel Secondary group x2gouser for user michel was correct
info userManagement User secondary groups michel Secondary group x2goprint for user michel was correct
info userManagement User secondary groups michel Secondary group x2godesktopsharing for user michel was correct
E| error userManagement User secondary groups michel User michel was already in the secondary groups 'uucp,users,games,vboxusers,x2gouser,x2goprint,x2godesktopsharing'. Configuration for user michel could not be repaired
E| compliant userGroupManagement Users michel The user michel ( Without any defined full name ) is already present on the system
</pre>
See attached screenshots for errors, directive, and compliance.
Files
| User_sec_grp_fails_250429a.png (85 KB) User_sec_grp_fails_250429a.png | Agent error message | ||
| User_sec_grp_fails_250429b.png (132 KB) User_sec_grp_fails_250429b.png | Agent run with -i | ||
| User_sec_grp_fails_250429c.png (134 KB) User_sec_grp_fails_250429c.png | Directive | ||
| User_sec_grp_fails_250429d.png (51.5 KB) User_sec_grp_fails_250429d.png | Compliance |
Updated by Michel BOUISSOU 2 days ago
The error seems to be caused by ${paths.usermod} being undefined on nodes where the problem occurs.
On nodes where the problem doesn't occur, ${paths.usermod} = /usr/sbin/usermod
Updated by Michel BOUISSOU 2 days ago
On the machines where the problem occurs, usermod is actually present, and where it is supposed to be :
root in ~ as 🧙 ❯ which usermod /usr/bin/usermod root in ~ as 🧙 ❯ ll /usr/bin/usermod -rwxr-xr-x 1 root root 204K 21 mars 14:34 /usr/bin/usermod
Updated by Nicolas CHARLES 1 day ago
It's because the paths for each binaries are defined per distributions, and so new distributions need new paths
The definitions are in ncf, in files
20_cfe_basics/paths.cf (overiden paths)
20_cfe_basics/cfengine/paths.cf (standards paths)
Updated by Michel BOUISSOU 1 day ago
- Status changed from In progress to Pending technical review
- Assignee changed from Michel BOUISSOU to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/6354
Add necessary paths for standard linux utilities for Archlinux family in paths.cf