Issue #17811 has been updated by Charlie Sharpsteen. Category set to OSX Assignee changed from Charlie Sharpsteen to eric sorenson Keywords set to user, group, directoryservice
Eric, I'm going to kick this one to you for delegation: basically our group assignment for OS X users is broken. The code is pretty easy to fix, just a broken logic statement at: https://github.com/puppetlabs/puppet/blob/3.1.0/lib/puppet/provider/user/directoryservice.rb#L300-L304 However, we also have a test that should be catching this behavior: https://github.com/puppetlabs/puppet/blob/3.1.0/spec/unit/provider/user/directoryservice_spec.rb#L335-L337 Fixing the broken test requires deep knowledge of how `dscl` is mocked up. ---------------------------------------- Bug #17811: Creating user with named gid broken on Mac OS X https://projects.puppetlabs.com/issues/17811#change-86775 Author: Björn Albers Status: Accepted Priority: Normal Assignee: eric sorenson Category: OSX Target version: Affected Puppet version: 3.1.0 Keywords: user, group, directoryservice Branch: The [type reference](http://docs.puppetlabs.com/references/latest/type.html#user) states that both numerical and named gids are fine for the user type. This seems to be broken, at least on Mac OS X 10.8.2 with Puppet 2.17.19 and 2.7.20. When I specify a named gid, then the users primary group is set to wheel: # Given no foo user / group and a nice manifest: $ sudo dscl . -list /Users | grep -i foo $ sudo dscl . -list /Groups | grep -i foo $ cat user_and_group_on_osx.pp group { '_foo': ensure => present } user { '_foo': ensure => present, comment => 'Mr. Foo', home => '/var/empty', shell => '/usr/bin/false', gid => '_foo' } # When I apply it: $ sudo puppet apply --verbose --no-report user_and_group_on_osx.pp info: Applying configuration version '1353935701' notice: /Stage[main]//Group[_foo]/ensure: created notice: /Stage[main]//User[_foo]/ensure: created notice: Finished catalog run in 6.99 seconds # Then we have the defined user and group... $ sudo dscl . -list /Users | grep -i foo _foo $ sudo dscl . -list /Groups | grep -i foo _foo # But the PrimaryGroupID blew up: $ sudo -u _foo id uid=29(_foo) gid=0(wheel) # :-( groups=0(wheel),12(everyone),61(localaccounts),402(com.apple.sharepoint.group.1) $ sudo dscl . -read /Users/_foo | grep PrimaryGroupID PrimaryGroupID: _foo # Fixing the stuff manually: $ sudo dscl . -read /Groups/_foo AppleMetaNodeLocation: /Local/Default GeneratedUID: 394BE70D-66D4-404B-892E-22AEEC64AE84 PrimaryGroupID: 23 RecordName: _foo RecordType: dsRecTypeStandard:Groups $ sudo dscl . -create /Users/_foo PrimaryGroupID 23 $ sudo dscl . -read /Users/_foo | grep PrimaryGroupID PrimaryGroupID: 23 $ sudo -u _foo id uid=29(_foo) gid=23(_foo) # :-) groups=23(_foo),12(everyone),61(localaccounts),402(com.apple.sharepoint.group.1) -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
