Project

General

Profile

Actions
Copy link

Bug #26823

closed

“Users” standard technique : Fails setting secondary groups when already correct.

Added by Michel BOUISSOU about 2 months ago. Updated 16 days ago.

Status:
Released
Priority:
N/A
Assignee:
Alexis Mousset
Category:
Techniques
Target version:
8.3.2
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

The “Users” standard technique fails (only) setting secondary groups when already correct.

- Given a directive that only updates the user when it exists, and only sets a series of secondary groups for the user.

- The directive fails with a funny :

E| error         userManagement            User secondary groups     michel             User michel was already in the secondary groups 'uucp,users,games,vboxusers,x2gouser,x2goprint,x2godesktopsharing'. Configuration for user michel could not be repaired
<pre>

- Runnin the agent with "-i" shows :

<pre>
   info          userManagement            User secondary groups     michel             Secondary group uucp for user michel was correct
   info          userManagement            User secondary groups     michel             Secondary group users for user michel was correct
2025-04-29T06:22:23+00:00 rudder     info: Executing 'no timeout' ... '${paths.usermod} -a -G games michel'
2025-04-29T06:22:23+00:00    error: Finished command related to promiser '${paths.usermod} -a -G games michel' -- an error occurred, returned 127
2025-04-29T06:22:23+00:00   notice: Q: "...s.usermod} -a -": sh: line 1: ${paths.usermod}: bad substitution
2025-04-29T06:22:23+00:00 rudder     info: Last 1 quoted lines were generated by promiser '${paths.usermod} -a -G games michel'
2025-04-29T06:22:23+00:00 rudder     info: Completed execution of '${paths.usermod} -a -G games michel'
   info          userManagement            User secondary groups     michel             Execute command ${paths.usermod} -a -G games michel could not be repaired
   info          userManagement            User secondary groups     michel             Secondary group vboxusers for user michel was correct
   info          userManagement            User secondary groups     michel             Secondary group x2gouser for user michel was correct
   info          userManagement            User secondary groups     michel             Secondary group x2goprint for user michel was correct
   info          userManagement            User secondary groups     michel             Secondary group x2godesktopsharing for user michel was correct
E| error         userManagement            User secondary groups     michel             User michel was already in the secondary groups 'uucp,users,games,vboxusers,x2gouser,x2goprint,x2godesktopsharing'. Configuration for user michel could not be repaired
E| compliant     userGroupManagement       Users                     michel             The user michel ( Without any defined full name ) is already present on the system
</pre>

See attached screenshots for errors, directive, and compliance.

Files

Download all files
User_sec_grp_fails_250429a.png (85 KB) User_sec_grp_fails_250429a.png Agent error message Michel BOUISSOU, 2025-04-29 08:24
User_sec_grp_fails_250429b.png (132 KB) User_sec_grp_fails_250429b.png Agent run with -i Michel BOUISSOU, 2025-04-29 08:24
User_sec_grp_fails_250429c.png (134 KB) User_sec_grp_fails_250429c.png Directive Michel BOUISSOU, 2025-04-29 08:24
User_sec_grp_fails_250429d.png (51.5 KB) User_sec_grp_fails_250429d.png Compliance Michel BOUISSOU, 2025-04-29 08:24
Actions
Copy link
 #1

Updated by Michel BOUISSOU about 2 months ago

The error seems to be caused by ${paths.usermod} being undefined on nodes where the problem occurs.

On nodes where the problem doesn't occur, ${paths.usermod} = /usr/sbin/usermod

Actions
Copy link
 #2

Updated by Michel BOUISSOU about 2 months ago

On the machines where the problem occurs, usermod is actually present, and where it is supposed to be :

root in ~ as 🧙 
❯ which usermod
/usr/bin/usermod

root in ~ as 🧙 
❯ ll /usr/bin/usermod
-rwxr-xr-x 1 root root 204K 21 mars  14:34 /usr/bin/usermod
Actions
Copy link
 #3

Updated by Nicolas CHARLES about 2 months ago

It's because the paths for each binaries are defined per distributions, and so new distributions need new paths
The definitions are in ncf, in files
20_cfe_basics/paths.cf (overiden paths)
20_cfe_basics/cfengine/paths.cf (standards paths)

Actions
Copy link
 #4

Updated by Michel BOUISSOU about 2 months ago

  • Assignee set to Michel BOUISSOU
Actions
Copy link
 #5

Updated by Michel BOUISSOU about 2 months ago

  • Status changed from New to In progress
Actions
Copy link
 #6

Updated by Michel BOUISSOU about 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Michel BOUISSOU to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder/pull/6354

Add necessary paths for standard linux utilities for Archlinux family in paths.cf

Actions
Copy link
 #7

Updated by Vincent MEMBRÉ about 2 months ago

  • Target version changed from 8.3.1 to 8.3.2
Actions
Copy link
 #8

Updated by François ARMAND about 1 month ago

  • Priority changed from To review to N/A
Actions
Copy link
 #9

Updated by Michel BOUISSOU 19 days ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #10

Updated by Alexis Mousset 17 days ago

Marking as checked, no impact on non-ArchLinux systems.

Actions
Copy link
 #11

Updated by Alexis Mousset 17 days ago

  • Fix check changed from To do to Checked
Actions
Copy link
 #12

Updated by Vincent MEMBRÉ 16 days ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.3.2 which was released today.

Actions
Copy link

Also available in: Atom PDF