I think it's at least as safe as parsing cron files. :) I expect it's pretty safe as long as you handle a couple weird cases like group (and maybe user?) lines being split into multiple lines.
I'd definitely want those to supplement the existing providers, not replace them, though, at least for a little while. On Feb 25, 2011, at 2:07 PM, Jesse Wolfe wrote: > Luke/others, > Do you think it's safe to parse the /etc/password and /etc/groups file > in the case of the self.instances call? > Which is to say, are there any platforms that don't at least follow > the convention of "username:password:UID:" ? > That would go a long way towards solving the bug, and we wouldn't have > to deal the problem of correctly reading and writing all fields. > > On Fri, Feb 25, 2011 at 2:00 PM, Luke Kanies <[email protected]> wrote: >> On Feb 25, 2011, at 1:55 PM, Sean Millichamp wrote: >> >>> On Fri, 2011-02-25 at 13:32 -0800, Jesse Wolfe wrote: >>>> Sorry that I'm late to the party one this one, but I have some questions. >>>> groupadd must also have the problem, is that correct? >>>> And it probably also affects the "pw" provider for BSD? >>>> >>>> If so, I think we should remove the getent code entirely and replace >>>> it with passwd and group file parsing at the share ancestor. >>> >>> Jesse, >>> >>> That is likely true. However, my initial question on that approach is >>> are there other instances in Puppet where user lookups occur for some >>> reason that require results from LDAP or other nsswitch/pw providers >>> (I'm thinking file ownership and maybe ssh_authorized_key users). I >>> don't have any idea how Puppet handles those types of things internally. >> >> We just use the system POSIX APIs for data reading, so it always goes >> through whatever the system is configured to use. >> >> There's been a ticket open for ages to switch from the APIs to >> reading/writing the files. The downside of doing so is that compatibility >> becomes a bit harder - we're currently relying entirely on APIs and >> commands, which means the system has to handle compatibility, but once you >> start reading and writing the files it can suck. E.g., HP-UX has a >> line-length limit in the groups file (I think it's 1024 chars, which many >> groups exceed), and it silently ignores anything past that limit, so you >> have to split all groups based on that length into multiple lines. That's >> just one I know about, but I expect that every platform has something >> equally stupid. >> >> -- >> I take my children everywhere, but they always find their way >> back home. --Robert Orben >> --------------------------------------------------------------------- >> Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199 >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Developers" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/puppet-dev?hl=en. >> >> -- I take my children everywhere, but they always find their way back home. --Robert Orben --------------------------------------------------------------------- Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
