Luke/others, Do you think it's safe to parse the /etc/password and /etc/groups file in the case of the self.instances call? Which is to say, are there any platforms that don't at least follow the convention of "username:password:UID:" ? That would go a long way towards solving the bug, and we wouldn't have to deal the problem of correctly reading and writing all fields.
On Fri, Feb 25, 2011 at 2:00 PM, Luke Kanies <[email protected]> wrote: > On Feb 25, 2011, at 1:55 PM, Sean Millichamp wrote: > >> On Fri, 2011-02-25 at 13:32 -0800, Jesse Wolfe wrote: >>> Sorry that I'm late to the party one this one, but I have some questions. >>> groupadd must also have the problem, is that correct? >>> And it probably also affects the "pw" provider for BSD? >>> >>> If so, I think we should remove the getent code entirely and replace >>> it with passwd and group file parsing at the share ancestor. >> >> Jesse, >> >> That is likely true. However, my initial question on that approach is >> are there other instances in Puppet where user lookups occur for some >> reason that require results from LDAP or other nsswitch/pw providers >> (I'm thinking file ownership and maybe ssh_authorized_key users). I >> don't have any idea how Puppet handles those types of things internally. > > We just use the system POSIX APIs for data reading, so it always goes through > whatever the system is configured to use. > > There's been a ticket open for ages to switch from the APIs to > reading/writing the files. The downside of doing so is that compatibility > becomes a bit harder - we're currently relying entirely on APIs and commands, > which means the system has to handle compatibility, but once you start > reading and writing the files it can suck. E.g., HP-UX has a line-length > limit in the groups file (I think it's 1024 chars, which many groups exceed), > and it silently ignores anything past that limit, so you have to split all > groups based on that length into multiple lines. That's just one I know > about, but I expect that every platform has something equally stupid. > > -- > I take my children everywhere, but they always find their way > back home. --Robert Orben > --------------------------------------------------------------------- > Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199 > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
