From owner-freebsd-questions@freebsd.org Tue Sep 3 20:38:55 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id ECE1AD769A for ; Tue, 3 Sep 2019 20:38:55 +0000 (UTC) (envelope-from per@hedeland.org) Received: from outbound1f.eu.mailhop.org (outbound1f.eu.mailhop.org [52.28.59.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46NJhG3HLyz4Lg2 for ; Tue, 3 Sep 2019 20:38:53 +0000 (UTC) (envelope-from per@hedeland.org) ARC-Seal: i=1; a=rsa-sha256; t=1567543131; cv=none; d=outbound.mailhop.org; s=arc-outbound20181012; b=ECcudUwJM6mCq6VrPn6LFWw1lAVkBT0B3w3wi/wd3GxJ5+suhKROgOUlzByAUEOXcOkvlIm3xLFO2 5qfA2fBaYkBRi8hb3A2zYDyLu2XJsZpX42xjfN480ljFzeXuj9rB0wqcSO1PnEuAKp7w7090hSGmdk zCAFcN47QWjtQxmVaoio2TavZSBvKE1E/5iDMJfXiP83Ysnkhhf4fXismWMLfPq1xc+fKuUUeoO8cN ixroeHFbmr1BjpOV7xT/JW4+q+q4NL7rUsN6S/zkaOmNWtx76MCVOBTwSJ7GHdG1mvLezMJXrzmUxC tJpfOpGDNMoy75+KXbxjl/G4yXmZ98Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=arc-outbound20181012; h=content-transfer-encoding:content-type:in-reply-to:mime-version:date: message-id:from:references:to:subject:dkim-signature:from; bh=zr0d+z4aMxiSFsF0seepzn4qjNtUAbHSqpqHbAunqyk=; b=b6XzpTjCS6ypFsvd1yFovoPIBCyE+32EhM0WN9tkE41xsZ5FL6tbaV1wGu+53lM1T/TBH3CsQFy05 8L20gdTImEWYdXqzv/es7m14EW/cs5au0V9uvWJZhSFROF3fpZb4Yghucj13Yg0ghjRURbkGHPIrQt HwsU+9ywAsvoythIl/D0LFu/LcmVVQ2iPhgQUCvC6ScZAX4tuqD6wwSgXYF4xnuzePiP7AVAQQ4PaT riO1AHLxx+ci1yRtvI0z4XEShztanJFZLh1KOeURkPSKuqyIAGoBOP3LXlnPLyb9kyE71cTxxyheua 4ptkugXouLcndbiNS0sg07/C34SIxxQ== ARC-Authentication-Results: i=1; outbound2.eu.mailhop.org; spf=none smtp.mailfrom=hedeland.org smtp.remote-ip=81.228.157.209; dmarc=none header.from=hedeland.org; arc=none header.oldest-pass=0; DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=dkim-high; h=content-transfer-encoding:content-type:in-reply-to:mime-version:date: message-id:from:references:to:subject:from; bh=zr0d+z4aMxiSFsF0seepzn4qjNtUAbHSqpqHbAunqyk=; b=DR4Bbk4F9X1XXBlQ89T6r9hj4vnC8pX8I5dNc4+x8bU7wSVGKyb5vv7uUSRguedcFK2Q0chfKj7Kd MGRvK1yiMKSuXFazhUP56OAkAwMZCn3m37QkYHMku11S1rZmd8HcR+rz8bFT5Uwgbxy5EFxJ2OYJJo vfP9Qmj6iq1EIJe2WC6VCuXsw+1YDNF2AC/g7fn/Ts8Q6rPbHIC76XLGO6UWYHCvp/aHMch/gLMhwp qdLQryf/zPc1dtdiCotqgucdZJsvbhiKR0jJwmn0zIXViQnMu7SVLlpOZDJZb93+rIYmZG6cbub93d xhYk124HJhnj8mc2Bq0lzAq4WwfJJAw== X-MHO-RoutePath: cGVyaGVkZWxhbmQ= X-MHO-User: d52b376f-ce8a-11e9-a205-f5e3bb5d0a28 X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 81.228.157.209 X-Mail-Handler: DuoCircle Outbound SMTP Received: from hedeland.org (unknown [81.228.157.209]) by outbound2.eu.mailhop.org (Halon) with ESMTPSA id d52b376f-ce8a-11e9-a205-f5e3bb5d0a28; Tue, 03 Sep 2019 20:38:49 +0000 (UTC) Received: from pluto.hedeland.org (pluto.hedeland.org [10.1.1.5]) by tellus.hedeland.org (8.15.2/8.15.2) with ESMTPS id x83KcmH3065614 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Tue, 3 Sep 2019 22:38:48 +0200 (CEST) (envelope-from per@hedeland.org) Subject: Re: master.passwd out of sync To: freebsd-questions@freebsd.org References: <20190903085614.GD3644@io.chezmoi.fr> <152896fe-e1fa-6c4d-b1e4-97d13ea13539@gmail.com> <20190903130834.GD13052@io.chezmoi.fr> From: Per Hedeland Message-ID: <8f794315-ace9-f973-49a9-72c88c00a174@hedeland.org> Date: Tue, 3 Sep 2019 22:38:48 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190903130834.GD13052@io.chezmoi.fr> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 46NJhG3HLyz4Lg2 X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=outbound.mailhop.org header.s=dkim-high header.b=DR4Bbk4F; dmarc=none; spf=none (mx1.freebsd.org: domain of per@hedeland.org has no SPF policy when checking 52.28.59.28) smtp.mailfrom=per@hedeland.org X-Spamd-Result: default: False [-7.53 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[outbound.mailhop.org:s=dkim-high]; HAS_XOIP(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[hedeland.org]; DKIM_TRACE(0.00)[outbound.mailhop.org:+]; NEURAL_HAM_SHORT(-0.99)[-0.987,0]; RCVD_IN_DNSWL_NONE(0.00)[28.59.28.52.list.dnswl.org : 127.0.20.0]; RECEIVED_SPAMHAUS_PBL(0.00)[209.157.228.81.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-3.24)[ip: (-9.90), ipnet: 52.28.0.0/16(-4.89), asn: 16509(-1.36), country: US(-0.05)]; ASN(0.00)[asn:16509, ipnet:52.28.0.0/16, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; ARC_ALLOW(-1.00)[i=1] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Sep 2019 20:38:56 -0000 On 2019-09-03 15:08, Albert Shih wrote: > Le 03/09/2019 à 13:46:17+0200, Per Hedeland a écrit >>> >>> Of course, you can still do as you state here and run pwd_mkdb(8) but better to use the right tool for the job. >> >> Well, the "new" pw(8) that Albert uses is just as much "the right >> tool" as the traditional vipw(8), and arguably more "user friendly". >> With vipw(8) you obviously update /etc/master.passwd yourself, while >> pw(8) does that for you - and both of them update /etc/passwd and the >> databases /etc/spwd.db and /etc/pwd.db, from /etc/master.passwd, >> ultimately using pwd_mkdb(8). >> >> The other difference is that vipw(8) completely re-generates >> /etc/passwd and the databases, while pw(8) updates only the specific >> user entry (the -u option is passed to pwd_mkdb(8)). Apparently it's >> this single user entry update that is failing - or at least the >> getpwnam() check for the added user that pw(8) does fails - vipw(8) >> (or pwdb(8) without -u) doesn't do any such check, since they update >> "everything". >> >> Anyway Albert, you obviously "shouldn't" get that error message from >> pw(8), and you "shouldn't" need to run pwd_mkdb(8) yourself after >> using pw(8). Are you running NIS? And if so, do you use the -Y option >> to pw(8)? Since you say that you only get the problem "sometimes", one >> *guess* is that NIS may not be updated (yet) at the point when pw(8) >> does the getpwnam() check. *If* that is the case, running pwd_mkdb(8) >> surely won't help - but the passing of time may fix it... > > To be precise. > > The creation of the account are launch through puppet agent. The agent > crash on the error : > > Error: Could not create user XXXXXX: Execution of '/usr/sbin/pw useradd XXXXXX -d /home/XXXXXX -u 22607 -g YYY -s /usr/local/bin/bash -G network,wheel -m' returned 67: pw: user 'XXXXXX' disappeared during update > Error: /Stage[main]/ZZZ::Accounts::XXXXXX_account/User[XXXXXX]/ensure: change from 'absent' to 'present' failed: Could not create user XXXXXX: Execution of '/usr/sbin/pw useradd XXXXXX -d /home/XXXXXX -u 22607 -g YYY -s /usr/local/bin/bash -G nagios,network,wheel -m' returned 67: pw: user 'XXXXXX' disappeared during update > > So I try the command manually, and end up with the same error (whew....). I > check the puppet provider and it indeed do exactly what it say (and just it say) > > No account are create actually manually on those server, well more than > that generaly no connexion on those server. > > So I run the pwd_mkdb -u and everything work again. Did you see something not work (besides the error message) before running pwd_mkdb? E.g. was the new user actually missing from /etc/passwd? > When I writing this answer, something occur to me....all server with > problem are no so long ago upgrade from 11.2 to 12.0 with freebsd-update. > > So maybe the problem are from the freebsd-update, they are a old bug report > (fix according https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232921 ) about this problem. It's not about "this problem", but about the fact that the upgrade adds a user (ntpd) to /etc/master.passwd without running pwd_mkdb *at all* - thus the new user effectively doesn't exist. But it might be a possibility that the out-of-date /etc/passwd / /etc/spwd.db / /etc/pwd.db somehow causes the "single user entry update" to fail. --Per > I will try again with the next upgrade from 11.2 to 12. > > Regards > > -- > Albert SHIH > Observatoire de Paris > xmpp: jas@obspm.fr > Heure local/Local time: > Tue 03 Sep 2019 02:57:01 PM CEST > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >