Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-1299

set_user_field modifies /etc/shadow on every execution

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.0
    • Component/s: Promise type: files
    • Labels:
      None
    • Platform:
      Any

      Description

      I have the following policy:

      <pre>
      bundle agent verify_root
      {
      vars:
      any::
      "null_shadow_entries" ilist =>

      {4, 5, 6, 7, 8}

      ;

      files:
      any::
      "/etc/shadow"
      handle => "null_root_user_account_expiration_shadow_entries",
      edit_line => set_user_field("root",$(null_shadow_entries),""),
      classes => if_repaired("root_password_modified");
      </pre>

      Every time cf-agent executes, its modifying the set_user_field entries in /etc/shadow, even though the file has already converged.

      <pre>
      [root@esv4-cfe-test inputs]# /var/cfengine/bin/cf-agent -I -K -b verify_root
      2014-03-27T07:53:27-0700 info: Using command line specified bundlesequence
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:27-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow

      [root@esv4-cfe-test inputs]# /var/cfengine/bin/cf-agent -I -K -b verify_root
      2014-03-27T07:53:33-0700 info: Using command line specified bundlesequence
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Setting field sub-value '' in '/etc/shadow'
      2014-03-27T07:53:33-0700 info: /default/verify_root/files/'/etc/shadow'/default/set_user_field/field_edits/'root:.:'[0]: Edited field inside file object /etc/shadow

      </pre>

        Attachments

          Activity

            People

            • Assignee:
              a10025 Volker Hilsheimer (Inactive)
              Reporter:
              msvoboda@linkedin.com mike svoboda
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Summary Panel