Project

General

Profile

Actions

Bug #4270

closed

Technique User management: cannot create an user if a group using the same name laready exists

Added by Fabrice FLORE-THÉBAULT over 10 years ago. Updated about 9 years ago.

Status:
Released
Priority:
3
Assignee:
Matthieu CERDA
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

If a group with the same name as the user already exists, then the creation of the user will fail.

How to reproduce (tested on Centos 5):

  1. Define a user/group name (example: zabbix)
  2. On the test node, have the group already present
  3. On the test node, have the user absent
  4. On the rudder serrver, create a directive based on the User management 2.0 technique, for user with same name as the group
  5. On the test node, see the directive fail:
!! Finished command related to promiser "/usr/sbin/useradd" -- an error occurred (returned 9)
Q: "...in/useradd -m -": useradd: group zabbix exists - if you want to add this user to that group, use -g.

Why it is unexpected behaviour

There is no way to create a user if the group with same name exists.
The user creation directive doesn't show any information about a group name.
As a consequence, the behaviour of the directive should not be bound to any group name.

What should be correct behaviour

I see two solutions:

Make the technique capable to create the user if the group already exists.

  1. /usr/sbin/useradd need to add the user to a primary group.
  2. Standard behaviour is to create a group with same name as the user. -> respect this behaviour.
  3. If the group already exists, then use the -g option to force the group.

Make binding with primary group visible and configurable in the policy template.

  1. Add an optional field with "Primary group name (if different as the user name)"

Subtasks 1 (0 open1 closed)

Bug #5000: No report for password section if group definition error occurs in userManagement 3.0 TechniqueReleasedNicolas CHARLES2014-06-11Actions

Related issues 3 (0 open3 closed)

Related to Rudder - Bug #2584: Technique "User Management": Does not work if group already existRejectedBenoît PECCATTEActions
Related to Rudder - Bug #5149: In User Management Technique v3.0, if the group is not defined, the user is not created because it tries to insert it in group ""ReleasedNicolas CHARLES2014-06-26Actions
Related to Rudder - Bug #8599: UserManagement 6.0 fails to add user if the user's default group already existsReleasedAlexis Mousset2016-06-23Actions
Actions #1

Updated by Fabrice FLORE-THÉBAULT over 10 years ago

I guess it can be really annoying if you have both a User and a Group directives, and the Group policy gets applied first.

Actions #2

Updated by Matthieu CERDA over 10 years ago

  • Category set to Techniques
  • Status changed from New to In progress
  • Assignee set to Matthieu CERDA
  • Priority changed from N/A to 2
  • Target version set to 2.4.13

Wow, such bug report, very complete.

Taking care of this!

Actions #3

Updated by Matthieu CERDA over 10 years ago

  • Target version changed from 2.4.13 to 2.6.10

Retargetting.

Actions #4

Updated by Matthieu CERDA over 10 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Matthieu CERDA to Jonathan CLARKE
  • % Done changed from 0 to 100
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/259

PR available

Actions #5

Updated by Jonathan CLARKE about 10 years ago

  • Status changed from Pending technical review to Discussion
  • Assignee changed from Jonathan CLARKE to Matthieu CERDA
Actions #6

Updated by Vincent MEMBRÉ about 10 years ago

  • Target version changed from 2.6.10 to 2.6.11
Actions #7

Updated by Vincent MEMBRÉ about 10 years ago

  • Target version changed from 2.6.11 to 2.6.12
Actions #8

Updated by Vincent MEMBRÉ about 10 years ago

  • Target version changed from 2.6.12 to 2.6.13
Actions #9

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.6.13 to 2.6.14
Actions #10

Updated by Nicolas CHARLES almost 10 years ago

It would be cool to be able to specify the group in with the user should be in (facultative)
Two possiblities:
  1. if group not there, fail, don't create group and complain loudly. Group management will handle that
  2. offer possibility to create group, with groupid, if group not there (don't force)
Actions #11

Updated by Matthieu CERDA almost 10 years ago

  • Status changed from Discussion to Pending release

Applied in changeset commit:8572e048dfdc711a352890194b954875735b5123.

Actions #12

Updated by Nicolas CHARLES almost 10 years ago

Applied in changeset commit:daa7455a4a3bb64e387239a8222ab1b74fbec2b2.

Actions #13

Updated by Vincent MEMBRÉ almost 10 years ago

  • Subject changed from User management 2.0 directive fail to create a user on centos if group with same name already exists. to Technique User management: cannot create an user if a group using the same name laready exists
Actions #14

Updated by Vincent MEMBRÉ almost 10 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder versions that were released today.

Actions #15

Updated by Benoît PECCATTE about 9 years ago

  • Project changed from 24 to Rudder
  • Category changed from Techniques to Techniques
Actions #16

Updated by François ARMAND over 7 years ago

  • Related to Bug #8599: UserManagement 6.0 fails to add user if the user's default group already exists added
Actions

Also available in: Atom PDF