Date: Tue, 3 Sep 2019 22:38:48 +0200 From: Per Hedeland <per@hedeland.org> To: freebsd-questions@freebsd.org Subject: Re: master.passwd out of sync Message-ID: <8f794315-ace9-f973-49a9-72c88c00a174@hedeland.org> In-Reply-To: <20190903130834.GD13052@io.chezmoi.fr> References: <20190903085614.GD3644@io.chezmoi.fr> <152896fe-e1fa-6c4d-b1e4-97d13ea13539@gmail.com> <c1e03141-aaf0-cafc-0d24-669ee011e314@hedeland.org> <20190903130834.GD13052@io.chezmoi.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2019-09-03 15:08, Albert Shih wrote: > Le 03/09/2019 à 13:46:17+0200, Per Hedeland a écrit >>> >>> Of course, you can still do as you state here and run pwd_mkdb(8) but better to use the right tool for the job. >> >> Well, the "new" pw(8) that Albert uses is just as much "the right >> tool" as the traditional vipw(8), and arguably more "user friendly". >> With vipw(8) you obviously update /etc/master.passwd yourself, while >> pw(8) does that for you - and both of them update /etc/passwd and the >> databases /etc/spwd.db and /etc/pwd.db, from /etc/master.passwd, >> ultimately using pwd_mkdb(8). >> >> The other difference is that vipw(8) completely re-generates >> /etc/passwd and the databases, while pw(8) updates only the specific >> user entry (the -u option is passed to pwd_mkdb(8)). Apparently it's >> this single user entry update that is failing - or at least the >> getpwnam() check for the added user that pw(8) does fails - vipw(8) >> (or pwdb(8) without -u) doesn't do any such check, since they update >> "everything". >> >> Anyway Albert, you obviously "shouldn't" get that error message from >> pw(8), and you "shouldn't" need to run pwd_mkdb(8) yourself after >> using pw(8). Are you running NIS? And if so, do you use the -Y option >> to pw(8)? Since you say that you only get the problem "sometimes", one >> *guess* is that NIS may not be updated (yet) at the point when pw(8) >> does the getpwnam() check. *If* that is the case, running pwd_mkdb(8) >> surely won't help - but the passing of time may fix it... > > To be precise. > > The creation of the account are launch through puppet agent. The agent > crash on the error : > > Error: Could not create user XXXXXX: Execution of '/usr/sbin/pw useradd XXXXXX -d /home/XXXXXX -u 22607 -g YYY -s /usr/local/bin/bash -G network,wheel -m' returned 67: pw: user 'XXXXXX' disappeared during update > Error: /Stage[main]/ZZZ::Accounts::XXXXXX_account/User[XXXXXX]/ensure: change from 'absent' to 'present' failed: Could not create user XXXXXX: Execution of '/usr/sbin/pw useradd XXXXXX -d /home/XXXXXX -u 22607 -g YYY -s /usr/local/bin/bash -G nagios,network,wheel -m' returned 67: pw: user 'XXXXXX' disappeared during update > > So I try the command manually, and end up with the same error (whew....). I > check the puppet provider and it indeed do exactly what it say (and just it say) > > No account are create actually manually on those server, well more than > that generaly no connexion on those server. > > So I run the pwd_mkdb -u and everything work again. Did you see something not work (besides the error message) before running pwd_mkdb? E.g. was the new user actually missing from /etc/passwd? > When I writing this answer, something occur to me....all server with > problem are no so long ago upgrade from 11.2 to 12.0 with freebsd-update. > > So maybe the problem are from the freebsd-update, they are a old bug report > (fix according https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232921 ) about this problem. It's not about "this problem", but about the fact that the upgrade adds a user (ntpd) to /etc/master.passwd without running pwd_mkdb *at all* - thus the new user effectively doesn't exist. But it might be a possibility that the out-of-date /etc/passwd / /etc/spwd.db / /etc/pwd.db somehow causes the "single user entry update" to fail. --Per > I will try again with the next upgrade from 11.2 to 12. > > Regards > > -- > Albert SHIH > Observatoire de Paris > xmpp: jas@obspm.fr > Heure local/Local time: > Tue 03 Sep 2019 02:57:01 PM CEST > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8f794315-ace9-f973-49a9-72c88c00a174>