Issue #4855 has been reported by Clay Caviness.
----------------------------------------
Bug #4855: group resources on OS X may fail if group members are non-existent
http://projects.puppetlabs.com/issues/4855
Author: Clay Caviness
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected version:
Keywords:
Branch:
The group provider on OS X uses "dseditgroup" to manage group membership. Due
to Apple bug 8481241 ("dseditgroup can't remove unknown users from groups"),
however, if the puppet group provider needs to remove a non-existent user from
a group it manages, it will fail.
To reproduce, first apply:
<pre>
group { "testgroup": ensure => present, members => ["testuser", "root"], require => User["testuser"] }
user { "testuser": ensure => present }
[...]
info: Applying configuration version '1285616257'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -list /Users'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -list /Users'
debug: User[testuser](provider=directoryservice): Executing '/usr/bin/dscl -plist . -create /Users/testuser GeneratedUID 90209F1B-B066-4630-8BD0-5B19C640CBFF'
notice: /Stage[main]//User[testuser]/ensure: created
debug: Puppet::Type::Group::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -list /Groups'
debug: Puppet::Type::Group::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -read /Groups/testgroup'
debug: Group[testgroup](provider=directoryservice): Executing 'dseditgroup -o edit -n . -a root testgroup'
notice: /Stage[main]//Group[testgroup]/members: members changed 'testuser' to 'testuser,root'
debug: Finishing transaction 2194047380
</pre>
Delete the user via:
<pre>dscl . -delete /Users/testuser</pre>
(Alternatively, the user can be deleted via puppet, though ordering may allow
this to be successful.)
Now try to apply a change to the group that would cause the testuser user to be
removed from group membership:
<pre>
group { "testgroup": ensure => present, members => "root"}
[...]
info: Applying configuration version '1285616630'
debug: Puppet::Type::Group::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -list /Groups'
debug: Puppet::Type::Group::ProviderDirectoryservice: Executing '/usr/bin/dscl -plist . -read /Groups/testgroup'
debug: Group[testgroup](provider=directoryservice): Executing 'dseditgroup -o edit -n . -d testuser testgroup'
err: /Stage[main]//Group[testgroup]/members: change from roottestuser to root failed: Could not remove testuser from group: testgroup, Execution of 'dseditgroup -o edit -n . -d testuser testgroup' returned 200: Record was not found.
debug: Finishing transaction 2190850540
</pre>
**All** attempts to make changes to the group membership from this point will
fail, as dseditgroup cannot remove a user from a group if that user does not
exist.
Running puppet 2.6.1 on OS X 10.6.4.
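The following is an added example, not part of the original report and not Puppet's provider code: it plans member removals so that a member with no user record is never handed to dseditgroup. Assumptions: all function names are hypothetical, the dscl output is the plain-text form rather than the -plist form seen in the debug log, and the fallback of deleting the value from the group record with `dscl . -delete /Groups/<group> GroupMembership <member>` is not something the report itself proposes.

```ruby
# Added example (not Puppet's provider code). All function names are hypothetical.

# Members from plain-text `dscl . -read /Groups/<group> GroupMembership` output,
# assumed to look like "GroupMembership: root testuser".
def parse_group_membership(dscl_read_output)
  line = dscl_read_output.lines.find { |l| l.start_with?("GroupMembership:") }
  line ? line.sub("GroupMembership:", "").split : []
end

# User names from plain-text `dscl . -list /Users` output (one name per line).
def parse_user_list(dscl_list_output)
  dscl_list_output.lines.map(&:strip).reject(&:empty?)
end

# For every member that must leave the group, pick a command that can succeed.
def plan_member_removals(group, current, desired, existing_users)
  (current - desired).map do |member|
    if existing_users.include?(member)
      # The user record exists, so the command from the debug log works.
      { member: member, orphaned: false,
        cmd: ["dseditgroup", "-o", "edit", "-n", ".", "-d", member, group] }
    else
      # The user record is gone: dseditgroup would return 200 ("Record was not
      # found"). Assumed fallback: delete the value from the group record.
      { member: member, orphaned: true,
        cmd: ["dscl", ".", "-delete", "/Groups/#{group}", "GroupMembership", member] }
    end
  end
end

# Constructed sample output for the state described in the report:
# testuser was deleted with dscl but is still listed in testgroup.
SAMPLE_GROUP_READ = "GroupMembership: root testuser\n"
SAMPLE_USER_LIST  = "daemon\nnobody\nroot\n"

if __FILE__ == $PROGRAM_NAME
  members = parse_group_membership(SAMPLE_GROUP_READ)
  users   = parse_user_list(SAMPLE_USER_LIST)
  plan_member_removals("testgroup", members, ["root"], users).each do |step|
    note = step[:orphaned] ? " (no user record)" : ""
    puts "#{step[:member]}#{note}: #{step[:cmd].join(' ')}"
  end
end
```

The `orphaned` flag is also worth logging on its own, since a group entry that outlives its user record would apply again to any account later created under the same name.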