Bug #8599
closedUserManagement 6.0 fails to add user if the user's default group already exists
Description
Trying to add an admin user failed on Debian 8.
I called the user "adm", didn't specify a group.
It'd autocreate the user's group, but that one exists in the OS as a default group.
00##39ea9877-30b2-4aa7-b125-cd4885bfe145
#The sudoers file did not require any modification
R: @sudoParameters
@result_success@32377fd7-02fd-43d0-aab7-28460a91347b
@03ebfa0f-2262-45ac-937c-011f30199e2d@10
@Permissions@adm
@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#The user adm is already present
rudder info: Executing 'no timeout' ... '/usr/sbin/useradd m -c "adm user" -s /bin/bash adm' an error occurred, returned 9
error: Finished command related to promiser '/usr/sbin/useradd' -
notice: Q: "...in/useradd -m": useradd: group adm exists - if you want to add this user to that group, use -g.
rudder info: Last 1 quoted lines were generated by promiser '/usr/sbin/useradd -m -c "adm user" -s /bin/bash adm'
rudder info: Completed execution of '/usr/sbin/useradd -m -c "adm user" -s /bin/bash adm'
R: @userGroupManagement
@result_error@32377fd7-02fd-43d0-aab7-28460a91347b
@0c146e04-683a-457c-a55e-ce8b13757f91@10
@Users@adm
@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#The user adm ( adm user ) could not be added to the system
R: @userGroupManagement
@result_success@32377fd7-02fd-43d0-aab7-28460a91347b
@0c146e04-683a-457c-a55e-ce8b13757f91@10
@Password@adm
@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#The user adm ( adm user ) password change is not required
error: Method 'check_usergroup_user_parameters' failed in some repairs
R: @sshKeyDistribution
@result_success@07434a81-71bc-4627-8a0f-68bf51af8aec
@0555c3b6-eb5b-4086-9b07-f3efe162d7a8@0
@SSH key@referent access key root
@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#SSH key "referent access key root" for user root was correct
R: @sshKeyDistribution
@result_error@07434a81-71bc-4627-8a0f-68bf51af8aec
@0555c3b6-eb5b-4086-9b07-f3efe162d7a8@0
@SSH key@referent access key adm
@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#The user adm does NOT exist on this machine, not adding SSH key
R: @Common
@log_info@hasPolicyServer-root
@common-root@5
@common@EndRun
@2016-06-23 20:18:58+00:00##39ea9877-30b2-4aa7-b125-cd4885bfe145@#End execution with config [-2093806050]@
Reason... root@tn2-omd:~# /usr/sbin/useradd -m -c "adm user" -s /bin/bash adm
useradd: group adm exists - if you want to add this user to that group, use -g.
This technique is not "idempotent" if the user's private group exists.
I see some options:- Useful message in case of return 9
- Open Debian bug (makes no sense since non-automated caller of the command would see the message and just throw in -g)
- make it use -g if needed
- add info to the online help (it says optional so I'd assume it should be optional, right?)
- tell me to just not do that
- switch to any non-Linux OS
Whatever case, please kindly ;-) add a test case for group collisions.
Updated by Nicolas CHARLES over 8 years ago
- Target version set to 2.11.23
Florian,
You listed a lot of options, would you agree if we checked if a group with same name as user already exists on Debian, and if no group is given, fails with a user friendly message ?
Updated by Florian Heigl over 8 years ago
Hi,
i think the error message is same effort than to detect if the group exists and adding -g user-groupname in that case? :)
Do you think that's dangerous?
Updated by François ARMAND over 8 years ago
- Related to Bug #2584: Technique "User Management": Does not work if group already exist added
Updated by François ARMAND over 8 years ago
- Related to Bug #4270: Technique User management: cannot create an user if a group using the same name laready exists added
Updated by François ARMAND over 8 years ago
- Assignee set to Alexis Mousset
- Priority changed from N/A to 3
I think this is a duplicate of #2584 (!!), and is related to #4270. Alexis, could you check that it is the case, and the proposed solution is ok on all systems? I also proposed to keep that one and close #2584 if it is an exact duplicate, that one is more detailed.
Also, it certainly happen in all userManagement versions.
Updated by Florian Heigl over 8 years ago
Heh, 4 years? I hope nothing bad happens if that is fixed all of a sudden :)))))
(No, I'm not trolling, I'm just poking fun at my own superstitiousness)
Updated by Nicolas CHARLES over 8 years ago
- Related to Bug #8585: Reporting for usermanagement in case of Policy to apply to this account "check only" is missing the Password component report added
Updated by Nicolas CHARLES over 8 years ago
Florian Heigl wrote:
Hi,
i think the error message is same effort than to detect if the group exists and adding -g user-groupname in that case? :)
Do you think that's dangerous?
I don't know - what do you think of it? I'm happy to follow your advices
Updated by Nicolas CHARLES over 8 years ago
- Status changed from New to In progress
- Assignee changed from Alexis Mousset to Nicolas CHARLES
Updated by Nicolas CHARLES over 8 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/989
Updated by Nicolas CHARLES over 8 years ago
- Subject changed from UserManagement 6.0 on at least Debian fails to add user if the user's default group already exists to UserManagement 6.0 fails to add user if the user's default group already exists
Updated by Nicolas CHARLES over 8 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset rudder-techniques|1501c2d6358b8d5242abfb4d05d80e5227d61665.
Updated by Alexis Mousset over 8 years ago
- Status changed from Pending release to Released