Project

General

Profile

Actions

Bug #8599

closed

UserManagement 6.0 fails to add user if the user's default group already exists

Added by Florian Heigl almost 5 years ago. Updated almost 5 years ago.

Status:
Released
Priority:
3
Category:
Techniques
Target version:
Severity:
User visibility:
Effort required:
Priority:

Description

Trying to add an admin user failed on Debian 8.
I called the user "adm", didn't specify a group.
It'd autocreate the user's group, but that one exists in the OS as a default group.

00##39ea9877-30b2-4aa7-b125-cd4885bfe145#The sudoers file did not require any modification
R: @sudoParameters@result_success@32377fd7-02fd-43d0-aab7-28460a91347b@03ebfa0f-2262-45ac-937c-011f30199e2d@10@Permissions@adm@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#The user adm is already present
rudder info: Executing 'no timeout' ... '/usr/sbin/useradd m -c "adm user" -s /bin/bash adm'
error: Finished command related to promiser '/usr/sbin/useradd' -
an error occurred, returned 9
notice: Q: "...in/useradd -m": useradd: group adm exists - if you want to add this user to that group, use -g.
rudder info: Last 1 quoted lines were generated by promiser '/usr/sbin/useradd -m -c "adm user" -s /bin/bash adm'
rudder info: Completed execution of '/usr/sbin/useradd -m -c "adm user" -s /bin/bash adm'
R: @userGroupManagement@result_error@32377fd7-02fd-43d0-aab7-28460a91347b@0c146e04-683a-457c-a55e-ce8b13757f91@10@Users@adm@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#The user adm ( adm user ) could not be added to the system
R: @userGroupManagement@result_success@32377fd7-02fd-43d0-aab7-28460a91347b@0c146e04-683a-457c-a55e-ce8b13757f91@10@Password@adm@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#The user adm ( adm user ) password change is not required
error: Method 'check_usergroup_user_parameters' failed in some repairs
R: @sshKeyDistribution@result_success@07434a81-71bc-4627-8a0f-68bf51af8aec@0555c3b6-eb5b-4086-9b07-f3efe162d7a8@0@SSH key@referent access key root@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#SSH key "referent access key root" for user root was correct
R: @sshKeyDistribution@result_error@07434a81-71bc-4627-8a0f-68bf51af8aec@0555c3b6-eb5b-4086-9b07-f3efe162d7a8@0@SSH key@referent access key adm@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#The user adm does NOT exist on this machine, not adding SSH key
R: @Common@log_info@hasPolicyServer-root@common-root@5@common@EndRun@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#End execution with config [-2093806050]@

Reason...
root@tn2-omd:~# /usr/sbin/useradd -m -c "adm user" -s /bin/bash adm
useradd: group adm exists - if you want to add this user to that group, use -g.

This technique is not "idempotent" if the user's private group exists.

I see some options:
  • Useful message in case of return 9
  • Open Debian bug (makes no sense since non-automated caller of the command would see the message and just throw in -g)
  • make it use -g if needed
  • add info to the online help (it says optional so I'd assume it should be optional, right?)
  • tell me to just not do that
  • switch to any non-Linux OS

Whatever case, please kindly ;-) add a test case for group collisions.


Related issues

Related to Rudder - Bug #2584: Technique "User Management": Does not work if group already existRejectedBenoît PECCATTEActions
Related to Rudder - Bug #4270: Technique User management: cannot create an user if a group using the same name laready existsReleasedMatthieu CERDA2014-06-11Actions
Related to Rudder - Bug #8585: Reporting for usermanagement in case of Policy to apply to this account "check only" is missing the Password component reportReleasedAlexis MOUSSET2016-06-21Actions
Actions #1

Updated by Nicolas CHARLES almost 5 years ago

  • Target version set to 2.11.23

Florian,

You listed a lot of options, would you agree if we checked if a group with same name as user already exists on Debian, and if no group is given, fails with a user friendly message ?

Actions #2

Updated by Florian Heigl almost 5 years ago

Hi,

i think the error message is same effort than to detect if the group exists and adding -g user-groupname in that case? :)
Do you think that's dangerous?

Actions #3

Updated by François ARMAND almost 5 years ago

  • Related to Bug #2584: Technique "User Management": Does not work if group already exist added
Actions #4

Updated by François ARMAND almost 5 years ago

  • Related to Bug #4270: Technique User management: cannot create an user if a group using the same name laready exists added
Actions #5

Updated by François ARMAND almost 5 years ago

  • Assignee set to Alexis MOUSSET
  • Priority changed from N/A to 3

I think this is a duplicate of #2584 (!!), and is related to #4270. Alexis, could you check that it is the case, and the proposed solution is ok on all systems? I also proposed to keep that one and close #2584 if it is an exact duplicate, that one is more detailed.

Also, it certainly happen in all userManagement versions.

Actions #6

Updated by Florian Heigl almost 5 years ago

Heh, 4 years? I hope nothing bad happens if that is fixed all of a sudden :)))))
(No, I'm not trolling, I'm just poking fun at my own superstitiousness)

Actions #7

Updated by Nicolas CHARLES almost 5 years ago

  • Related to Bug #8585: Reporting for usermanagement in case of Policy to apply to this account "check only" is missing the Password component report added
Actions #8

Updated by Nicolas CHARLES almost 5 years ago

Florian Heigl wrote:

Hi,

i think the error message is same effort than to detect if the group exists and adding -g user-groupname in that case? :)
Do you think that's dangerous?

I don't know - what do you think of it? I'm happy to follow your advices

Actions #9

Updated by Nicolas CHARLES almost 5 years ago

  • Status changed from New to In progress
  • Assignee changed from Alexis MOUSSET to Nicolas CHARLES
Actions #10

Updated by Nicolas CHARLES almost 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/989
Actions #11

Updated by Nicolas CHARLES almost 5 years ago

  • Subject changed from UserManagement 6.0 on at least Debian fails to add user if the user's default group already exists to UserManagement 6.0 fails to add user if the user's default group already exists
Actions #12

Updated by Nicolas CHARLES almost 5 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #13

Updated by Alexis MOUSSET almost 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.23, 3.1.12 and 3.2.5 which were released today.

Actions

Also available in: Atom PDF