Issue #6005 has been updated by James Turnbull. Target version changed from 2.6.6 to 2.6.x
---------------------------------------- Bug #6005: User type cannot handle project property https://projects.puppetlabs.com/issues/6005 Author: Stefan Schulte Status: Accepted Priority: Normal Assignee: Category: user Target version: 2.6.x Affected Puppet version: Keywords: Branch: The user resource has a »project« property that is supposed to set the defaultproject for a user in `/etc/user_attr`. This doesnt work. What you need to reproduce the bug ================================== * Solaris (testet on Solaris 5.10 Intel CPU) * a project that is present in /etc/project <pre> testproj:4503:::: </pre> * a simple manifest like this <pre> user { "testuser": project => "testproj", ensure => present, } </pre> Now lets run puppet <pre> debug: User[testuser](provider=user_role_add): Executing '/usr/sbin/useradd -p testproj testuser' notice: /Stage[main]//User[testuser]/ensure: created </pre> Unfortunately `useradd -p` and `usermod -p` only add the user in the allowed users list in `etc/project`. The project now looks like this <pre> testproj:4503::testuser:: </pre> However, no entry is created in `/etc/user_attr` and running `projects -d testuser` that will print out the default project for the testusers still says `default` (`default` is a project that should be present on every Solaris host). So puppet running `useradd -p` (same is true for `usermod -p`) 1. is not what I want/expect 2. is not what puppet checks agains On any following puppet run, puppet now claims that the user has no default project: <pre> debug: User[testuser](provider=user_role_add): Executing '/usr/sbin/usermod -p testproj testuser' notice: /Stage[main]//User[testuser]/project: project changed '' to 'testproj' </pre> Possible solution ================= To change the defaultproject one can run `usermod -K project=testproj testuser`. This will update the entry in `/etc/user_attr` that will now look like this: <pre> testuser::::type=normal;project=testproj </pre> Puppet will now report that the project property is in sync. Drawback ======== I dont know a command that will erease the project entry. <pre> usermod -p testuser # the above erases the user in /etc/project but doesnt remove the user_attr entry usermod -K 'project' testuser UX: usermod: ERROR: Missing value specification. usermod -K 'project=' testuser UX: usermod: ERROR: is not a valid project name. Choose another. usermod -K 'project=""' testuser UX: usermod: ERROR: "" is not a valid project name. Choose another. </pre> It is important that we can erase the project entry because if there is none, the default will be a) a project that is called `user.testuser` if there a project with that name b) a project that is called `group.some_group_testuser_is_in` if there is project with that name c) the project called `default` If we want this implicit project assignment we have to be able to erase the project from the `/etc/user_attr` entry. Possible solution 2 =================== Use a parsedfile provider to update `/etc/user_attr`. That's what I'm doing right now. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
