Issue #14245 has been updated by Daniel Pittman. Status changed from Unreviewed to Rejected
Puppet just delegates down to the underlying NSS functions here - so our behaviour for illegal situations like this one depends entirely on what the underlying tools do. In this case they clearly return the group name twice in the "set of groups" for the user, which isn't what we expect. I don't think we should do anything here - it isn't clearly correct to deduplicate the result, since that doesn't reflect the reality of the system user/group database. ---------------------------------------- Bug #14245: Ralsh duplicates groups when found in several nss backends. https://projects.puppetlabs.com/issues/14245#change-61924 Author: Timur Batyrshin Status: Rejected Priority: Normal Assignee: Category: Target version: Affected Puppet version: Keywords: Branch: When a user is found in several nss group backends ralsh shows it as being included into a group more than once and puppet continually tries to remove the user from that group. To clarify: I have a following resource in my manifest: <pre> user { 'tomcat7': groups => 'ssl-user', } </pre> Until recently everything was just fine but lately the following actions began to appear: <pre> notice: /Stage[main]/Tomcat/User[tomcat7]/groups: groups changed 'ssl-user,ssl-user' to 'ssl-user' </pre> The reason for that behaviour turned out to be the following line in /etc/nsswitch.conf: <pre> root@susegrp1:~# cat /etc/nsswitch.conf | grep group group: files ldap compat </pre> When I remove the line everything returns back to normal way. Here is the output of actual state of resource on the system and as seen by puppet: <pre> root@susegrp1:~# id tomcat7 uid=108(tomcat7) gid=114(tomcat7) groups=301(ssl-user),114(tomcat7) root@susegrp1:~# getent group | grep ssl-user ssl-user:x:301:tomcat7 ssl-user:x:301:tomcat7 root@susegrp1:~# ralsh user tomcat7 warning: User tomcat7 found in both useradd and useradd; skipping the useradd version user { 'tomcat7': ensure => 'present', gid => '114', groups => ['ssl-user', 'ssl-user'], home => '/usr/share/tomcat7', password => '*', password_max_age => '99999', password_min_age => '0', shell => '/bin/false', uid => '108', } </pre> I've reproduced this on puppet version 2.7.11-13 and not tested others. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
