Date: Tue, 3 Sep 2019 15:08:34 +0200
From: Albert Shih
To: freebsd-questions@freebsd.org
Subject: Re: master.passwd out of sync
Message-ID: <20190903130834.GD13052@io.chezmoi.fr>

On 03/09/2019 at 13:46:17+0200, Per Hedeland wrote:
> > Of course, you can still do as you state here and run pwd_mkdb(8) but better to use the right tool for the job.
>
> Well, the "new" pw(8) that Albert uses is just as much "the right
> tool" as the traditional vipw(8), and arguably more "user friendly".
> With vipw(8) you obviously update /etc/master.passwd yourself, while
> pw(8) does that for you - and both of them update /etc/passwd and the
> databases /etc/spwd.db and /etc/pwd.db, from /etc/master.passwd,
> ultimately using pwd_mkdb(8).
>
> The other difference is that vipw(8) completely re-generates
> /etc/passwd and the databases, while pw(8) updates only the specific
> user entry (the -u option is passed to pwd_mkdb(8)). Apparently it's
> this single user entry update that is failing - or at least the
> getpwnam() check for the added user that pw(8) does fails - vipw(8)
> (or pwdb(8) without -u) doesn't do any such check, since they update
> "everything".
>
> Anyway Albert, you obviously "shouldn't" get that error message from
> pw(8), and you "shouldn't" need to run pwd_mkdb(8) yourself after
> using pw(8). Are you running NIS? And if so, do you use the -Y option
> to pw(8)? Since you say that you only get the problem "sometimes", one
> *guess* is that NIS may not be updated (yet) at the point when pw(8)
> does the getpwnam() check. *If* that is the case, running pwd_mkdb(8)
> surely won't help - but the passing of time may fix it...

To be precise: the creation of the accounts is launched through the puppet agent. The agent crashes on the error:

Error: Could not create user XXXXXX: Execution of '/usr/sbin/pw useradd XXXXXX -d /home/XXXXXX -u 22607 -g YYY -s /usr/local/bin/bash -G network,wheel -m' returned 67: pw: user 'XXXXXX' disappeared during update
Error: /Stage[main]/ZZZ::Accounts::XXXXXX_account/User[XXXXXX]/ensure: change from 'absent' to 'present' failed: Could not create user XXXXXX: Execution of '/usr/sbin/pw useradd XXXXXX -d /home/XXXXXX -u 22607 -g YYY -s /usr/local/bin/bash -G nagios,network,wheel -m' returned 67: pw: user 'XXXXXX' disappeared during update

So I tried the command manually, and ended up with the same error (whew....).

I checked the puppet provider and it indeed does exactly what it says (and only what it says).

No accounts are actually created manually on those servers; more than that, there are generally no connections to those servers.

So I ran pwd_mkdb -u and everything worked again.

While writing this answer, something occurred to me... all the servers with the problem were upgraded not so long ago from 11.2 to 12.0 with freebsd-update.

So maybe the problem comes from freebsd-update; there is an old bug report (fixed, according to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232921 ) about this problem.

I will try again with the next upgrade from 11.2 to 12.

Regards

--
Albert SHIH
Observatoire de Paris
xmpp: jas@obspm.fr
Heure local/Local time:
Tue 03 Sep 2019 02:57:01 PM CEST
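
The condition discussed in this thread (an entry present in /etc/master.passwd that the getpwnam() lookup cannot find) can be checked for directly. The script below is an added example, not part of the original message or of FreeBSD; the function names are hypothetical, it assumes getent(1) as the front end to the password lookup, and the sample file and simulated lookup are constructed.

```shell
#!/bin/sh
# Report accounts listed in a master.passwd(5)-format file that the
# password lookup cannot resolve, i.e. text file and databases out of sync.

# Default lookup: ask the system password database through getent(1).
lookup_user() {
    getent passwd "$1" >/dev/null 2>&1
}

# find_unresolved FILE [LOOKUP_FUNCTION]
# Prints one login name per line for every entry LOOKUP_FUNCTION fails on.
find_unresolved() {
    file=$1
    lookup=${2:-lookup_user}
    while IFS=: read -r name rest; do
        case $name in
            # Skip blank lines, comments and NIS compat (+/-) entries.
            ''|'#'*|'+'*|'-'*) continue ;;
        esac
        "$lookup" "$name" </dev/null || printf '%s\n' "$name"
    done < "$file"
}

# Constructed sample: 'newuser' is in the text file but missing from the
# simulated database, the state pw(8) reported as "disappeared during update".
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample in master.passwd(5) format
root:*:0:0::0:0:Charlie &:/root:/bin/sh
newuser:*:22607:1001::0:0:New User:/home/newuser:/usr/local/bin/bash
EOF
    fake_lookup() { [ "$1" = root ]; }   # simulated database knows only root
    find_unresolved "$tmp" fake_lookup
    rm -f "$tmp"
}

# On a real host, as root: find_unresolved /etc/master.passwd
```

Empty output means every entry in the file resolves; any name printed is a candidate for the out-of-sync state described above and is worth alerting on before a configuration-management run fails on it.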