Issue #5423 has been updated by Paul Berry. Status changed from Ready for Testing to Available In Testing Branch
Pushed to branch 2.6.next as commit:6c8159326cb141a8d5714f65e1854293327e6b75 ---------------------------------------- Bug #5423: home property of the user type is run after the uid property, causing sadness https://projects.puppetlabs.com/issues/5423 Author: Nicolas Simonds Status: Available In Testing Branch Priority: Normal Assignee: Category: user Target version: Affected Puppet version: 2.6.3 Keywords: communitypatch Branch: https://github.com/saysjonathan/puppet/commit/9da315c89e77d4bcdd4a5451a61c7df37a3f5ab6 Preamble: A Puppet run completely clobbered our production environment, taking a huge portion of our infrastructure down, and requiring several hours to clean up. A root cause analysis determined the source of the trouble to be a UID change for a service account -- This service account was improperly setup on some systems, and the UID collided with other service accounts, i.e., several different service accounts had the same UID. Cause: On Linux systems using usermod to manage UIDs, it will automatically re-map the UIDs in the user's home directory to the new UID. I fail to see how this is useful, but I didn't write it, and it doesn't appear to be an option that can be disabled. If a user definition has the home directory set to something silly, e.g., /, usermod will traverse the entire filesystem looking for files with the old UID and chown()ing them to the new one. Puppet will then fix the home directory. Expected result: One would expect Puppet to fix the attributes of the passwd entry in the order of least-to-most destructiveness, to minimize the potential for unpleasantness Actual result: Puppet fixes the UID, then the home directory, which if the homedir was set wrong, causes all anner of havoc. In our case, MySQL and PostgreSQL processes lost the ability to talk to their databases because usermod took all their files away before Puppet could repair the home directory entry. A patch to move the home directory property above the uid property is attached. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
