Issue #23344 has been reported by Jon McKenzie. ---------------------------------------- Bug #23344: The 'forcelocal' parameter for the 'user' resource still performs NSS lookups for certain subkeys https://projects.puppetlabs.com/issues/23344
* Author: Jon McKenzie * Status: Unreviewed * Priority: Normal * Assignee: * Category: user * Target version: * Affected Puppet version: 3.3.1 * Keywords: * Branch: ---------------------------------------- I have a particular configuration where a custom NSS plugin intercepts getent passwd calls and replaces the login shell with a new shell. In this situation, using the standard 'user' resource causes a false-positive for Puppet where it thinks the shell is configured as this new value, but it should be set to the value specified in the manifest. Unfortunately, setting 'forcelocal' to 'true' does not appear to solve the issue. I did a little looking through the code, and as far as I can tell, only certain specific subkeys (uid, gid, etc.) utilize the 'forcelocal' parameter (and the login shell is unfortunately not one of them). If 'forcelocal' does not support certain keys than (IMO) either: 1. The documentation should be updated to explicitly list the supported keys 2. The behavior should change so that all of the keys are supported. 3. The login shell key is made compatible with 'forcelocal', and #1 is done to boot for the remaining keys to avoid future confusion about this issue Right now this is not a huge blocker, but it's requiring me to avoid validating the local settings for login shells wherever this custom NSS module is being used. As a side note, my 'libuser' Puppet feature appears to be loading correctly (which is a prereq for 'forcelocal') -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
