Issue #17811 has been updated by Charlie Sharpsteen. Status changed from Investigating to Accepted
First off, this problem is still present in HEAD as of today. Looks like a numerical GID has to be used when setting the OS X grou. We have [a section of code](https://github.com/puppetlabs/puppet/blob/3.1.0/lib/puppet/provider/user/directoryservice.rb#L300-L304) that looks up the numerical value if a string is passed... but it looks like there is a logic error: <pre> # If a non-numerical gid value is passed, assume it is a group name and # lookup that group's GID value to use when setting the GID if (attribute == :gid) and value.class == 'Fixnum' value = self.class.get_attribute_from_dscl('Groups', value, 'PrimaryGroupID')['dsAttrTypeStandard:PrimaryGroupID'][0] end </pre> That test should be: <pre> value.class != 'Fixnum' </pre> or possibly: <pre> not value.kind_of? Fixnum </pre> ---------------------------------------- Bug #17811: Creating user with named gid broken on Mac OS X https://projects.puppetlabs.com/issues/17811#change-86772 Author: Björn Albers Status: Accepted Priority: Normal Assignee: Charlie Sharpsteen Category: Target version: Affected Puppet version: 3.1.0 Keywords: Branch: The [type reference](http://docs.puppetlabs.com/references/latest/type.html#user) states that both numerical and named gids are fine for the user type. This seems to be broken, at least on Mac OS X 10.8.2 with Puppet 2.17.19 and 2.7.20. When I specify a named gid, then the users primary group is set to wheel: # Given no foo user / group and a nice manifest: $ sudo dscl . -list /Users | grep -i foo $ sudo dscl . -list /Groups | grep -i foo $ cat user_and_group_on_osx.pp group { '_foo': ensure => present } user { '_foo': ensure => present, comment => 'Mr. Foo', home => '/var/empty', shell => '/usr/bin/false', gid => '_foo' } # When I apply it: $ sudo puppet apply --verbose --no-report user_and_group_on_osx.pp info: Applying configuration version '1353935701' notice: /Stage[main]//Group[_foo]/ensure: created notice: /Stage[main]//User[_foo]/ensure: created notice: Finished catalog run in 6.99 seconds # Then we have the defined user and group... $ sudo dscl . -list /Users | grep -i foo _foo $ sudo dscl . -list /Groups | grep -i foo _foo # But the PrimaryGroupID blew up: $ sudo -u _foo id uid=29(_foo) gid=0(wheel) # :-( groups=0(wheel),12(everyone),61(localaccounts),402(com.apple.sharepoint.group.1) $ sudo dscl . -read /Users/_foo | grep PrimaryGroupID PrimaryGroupID: _foo # Fixing the stuff manually: $ sudo dscl . -read /Groups/_foo AppleMetaNodeLocation: /Local/Default GeneratedUID: 394BE70D-66D4-404B-892E-22AEEC64AE84 PrimaryGroupID: 23 RecordName: _foo RecordType: dsRecTypeStandard:Groups $ sudo dscl . -create /Users/_foo PrimaryGroupID 23 $ sudo dscl . -read /Users/_foo | grep PrimaryGroupID PrimaryGroupID: 23 $ sudo -u _foo id uid=29(_foo) gid=23(_foo) # :-) groups=23(_foo),12(everyone),61(localaccounts),402(com.apple.sharepoint.group.1) -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
