Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pass secondary groups when creating a user #74

Closed
wants to merge 1 commit into from
Closed

Pass secondary groups when creating a user #74

wants to merge 1 commit into from

Conversation

ianssoftcom
Copy link

Created users should be assigned to secondary groups; pass the groups parameter to the user resource.

Note: I had to set manage_groups: false so that the accounts module no longer creates the secondary groups, this was to prevent a dependency loop:

Error: Failed to apply catalog: Found 1 dependency cycle:
(Group[sudo] => User[ubuntu] => Accounts::Group[sudo] => Group[sudo])

@deric
Copy link
Owner

deric commented Feb 28, 2017

Hi, thanks for reading the code. It's not a bug, it's a feature. You can define group membership either at group level or at user's definition:

accounts::groups:
  www-data:
    gid: 33
    members: ['john']
accounts::users:
  john:
    groups: ["sudo", "users"]

The definition of group membership gets merged and applied (the relevant code). First we're creating user accounts, then groups so that the plan is executed in a single run.

Did you have a problem with secondary groups not being applied?

@ianssoftcom
Copy link
Author

Creating secondary groups using accounts::groups works, but assigning members to secondary groups does not work. The provider for Linux is groupadd (https://docs.puppet.com/puppet/4.9/type.html#group-provider-groupadd) which does not support managing group members.

# puppet resource group testgroup ensure=present members=testuser --debug
...
Debug: /Group[testgroup]: Provider groupadd does not support features manages_members; not managing attribute members

Which is the reason I had to look at making 'acounts::users' to add to secondary groups work, but this created a dependency loop which CI detected.

@deric
Copy link
Owner

deric commented Feb 28, 2017

Not sure if I follow. Could you post your configuration?

@ianssoftcom
Copy link
Author

Adding members to secondary groups does not work. The group is created, but members were not added.

accounts::groups:
  www-data:
    members: ['john']

When using the accounts::users, the groups array does not do anything (the user resource in the code does not pass the groups - that's what this PR was for).

accounts::users:
  john:
    groups: ["sudo", "users"]
      user { $username:
        ensure    => present,
        uid       => $uid,
        shell     => $shell,
        allowdupe => $allowdupe,
      }

@deric
Copy link
Owner

deric commented Feb 28, 2017

Have you installed deric-gpasswd module which is listed as dependency? If so, please send me full log.

@ianssoftcom
Copy link
Author

Thanks - that's the piece I was missing (gpasswd provider). We have been using deric-accounts for years, so I never looked for dependencies. I will give that a test.

@deric
Copy link
Owner

deric commented Mar 1, 2017

It should be mentioned in the README, sorry about that. But the dependency will probably go away in next release, if I manage to find some time for refactoring. I'm closing this PR, in fact it's pretty much duplicate of #51.

@deric deric closed this Mar 1, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants