Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-3386

usermod misbehaves on SUSE

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Promise type: users
    • Labels:
      None

      Description

      Issue is that -G argument to usermod (to set secondary group) can't be used together with any other argument. It happens of a machine where these classes are defined:

      sles
      sles_11
      sles_11_4
      suse
      

      To get yourself a work environment:

      The command which does not set secondary group:

      /usr/sbin/usermod -u "9876" -c "This description should make the CFEngine test pass" -g "bin" -d "/home/user-johndoe" -s "/bin/csh" -G "sys"  johndoe
      

      The only way to set secondary group is to omit any other arguments:

      /usr/sbin/usermod -G "sys"  johndoe'
      

      You can manually check contents of the /etc/group file by running the following command:

      grep johndoe /etc/group
      

      This concerns usermod from pwdutils package:

      > /usr/sbin/usermod -v
      usermod (pwdutils) 3.2.15
      Copyright (C) 2006 Thorsten Kukuk.
      

      Quoting Craig Comstock from Slack:

      craig yeah, it's another flavor that we don't support
      craig configure.ac has

      #ifdef HAVE_PWDADM
          const char *cmd_str = PWDADM " -c ";
          char final_cmd[strlen(cmd_str) + strlen(puser) + 1];
          xsnprintf(final_cmd, sizeof(final_cmd), "%s%s", cmd_str, puser);
          Log(LOG_LEVEL_VERBOSE, "Clearing password administration flags for user '%s'. (command: '%s')", puser, final_cmd);
          int status;
          status = system(final_cmd);
          if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
          {
              Log(LOG_LEVEL_ERR, "Command failed while trying to clear password flags for user '%s'. (Command: '%s')",
                  puser, final_cmd);
              return false;
          }
      #endif // HAVE_PWDADM
      

      for pwdadm, BSD-ish I believe.
      and that's a recent addition
      and no pw command either on that host at least.
      so there's no warnings in either SLES pwdutil usermod or debian usermod. bleh. 
      the pw command just re-orders things in the command, doesn't prevent other options with -G so let's log another ticket to support pwdutils-usermod on SLES

        Attachments

          Activity

            People

            Assignee:
            craig.comstock Craig Comstock
            Reporter:
            Aleksei Aleksei Shpakovskii
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: