Project

General

Profile

Bug #4270

Technique User management: cannot create an user if a group using the same name laready exists

Added by Fabrice FLORE-THÉBAULT over 6 years ago. Updated about 5 years ago.

Status:
Released
Priority:
3
Assignee:
Matthieu CERDA
Category:
Techniques
Target version:
Severity:
User visibility:
Effort required:
Priority:

Description

If a group with the same name as the user already exists, then the creation of the user will fail.

How to reproduce (tested on Centos 5):

  1. Define a user/group name (example: zabbix)
  2. On the test node, have the group already present
  3. On the test node, have the user absent
  4. On the rudder serrver, create a directive based on the User management 2.0 technique, for user with same name as the group
  5. On the test node, see the directive fail:
!! Finished command related to promiser "/usr/sbin/useradd" -- an error occurred (returned 9)
Q: "...in/useradd -m -": useradd: group zabbix exists - if you want to add this user to that group, use -g.

Why it is unexpected behaviour

There is no way to create a user if the group with same name exists.
The user creation directive doesn't show any information about a group name.
As a consequence, the behaviour of the directive should not be bound to any group name.

What should be correct behaviour

I see two solutions:

Make the technique capable to create the user if the group already exists.

  1. /usr/sbin/useradd need to add the user to a primary group.
  2. Standard behaviour is to create a group with same name as the user. -> respect this behaviour.
  3. If the group already exists, then use the -g option to force the group.

Make binding with primary group visible and configurable in the policy template.

  1. Add an optional field with "Primary group name (if different as the user name)"

Subtasks

Bug #5000: No report for password section if group definition error occurs in userManagement 3.0 TechniqueReleased2014-06-11Nicolas CHARLESActions

Related issues

Related to Rudder - Bug #2584: Technique "User Management": Does not work if group already existRejectedBenoît PECCATTEActions
Related to Rudder - Bug #5149: In User Management Technique v3.0, if the group is not defined, the user is not created because it tries to insert it in group ""Released2014-06-26Nicolas CHARLESActions
Related to Rudder - Bug #8599: UserManagement 6.0 fails to add user if the user's default group already existsReleased2016-06-23Alexis MOUSSETActions
#1

Updated by Fabrice FLORE-THÉBAULT over 6 years ago

I guess it can be really annoying if you have both a User and a Group directives, and the Group policy gets applied first.

#2

Updated by Matthieu CERDA over 6 years ago

  • Category set to Techniques
  • Status changed from New to In progress
  • Assignee set to Matthieu CERDA
  • Priority changed from N/A to 2
  • Target version set to 2.4.13

Wow, such bug report, very complete.

Taking care of this!

#3

Updated by Matthieu CERDA over 6 years ago

  • Target version changed from 2.4.13 to 2.6.10

Retargetting.

#4

Updated by Matthieu CERDA over 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Matthieu CERDA to Jonathan CLARKE
  • % Done changed from 0 to 100
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/259

PR available

#5

Updated by Jonathan CLARKE over 6 years ago

  • Status changed from Pending technical review to Discussion
  • Assignee changed from Jonathan CLARKE to Matthieu CERDA
#6

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 2.6.10 to 2.6.11
#7

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 2.6.11 to 2.6.12
#8

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 2.6.12 to 2.6.13
#9

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 2.6.13 to 2.6.14
#10

Updated by Nicolas CHARLES almost 6 years ago

It would be cool to be able to specify the group in with the user should be in (facultative)
Two possiblities:
  1. if group not there, fail, don't create group and complain loudly. Group management will handle that
  2. offer possibility to create group, with groupid, if group not there (don't force)
#11

Updated by Matthieu CERDA almost 6 years ago

  • Status changed from Discussion to Pending release

Applied in changeset commit:8572e048dfdc711a352890194b954875735b5123.

#12

Updated by Nicolas CHARLES almost 6 years ago

Applied in changeset commit:daa7455a4a3bb64e387239a8222ab1b74fbec2b2.

#13

Updated by Vincent MEMBRÉ almost 6 years ago

  • Subject changed from User management 2.0 directive fail to create a user on centos if group with same name already exists. to Technique User management: cannot create an user if a group using the same name laready exists
#14

Updated by Vincent MEMBRÉ almost 6 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder versions that were released today.

#15

Updated by Benoît PECCATTE about 5 years ago

  • Project changed from Techniques to Rudder
  • Category changed from Techniques to Techniques
#16

Updated by François ARMAND almost 4 years ago

  • Related to Bug #8599: UserManagement 6.0 fails to add user if the user's default group already exists added

Also available in: Atom PDF