Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Josh Cooper updated an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Josh Cooper Team: Coremunity Platform OS Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Josh Cooper updated an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Josh Cooper Sprint: Platform Core Grooming Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Jacob Helwig updated an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Jacob Helwig Team: Platform Core Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Jacob Helwig updated an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Jacob Helwig Sprint: Platform Core Grooming Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Jacob Helwig updated an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Jacob Helwig Sub-team: Coremunity Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Robert Scheer commented on PUP-3337 Re: Validation of shell in user resource breaks when using sudo Because it might not be my own script but something from a package. Or it might not be a script at all but a binary. Or just because I can. The provider useradd/usermod allows for all of it: useradd/usermod # useradd test # egrep ^test: /etc/passwd test:x:17157:17157::/home/test: # usermod -s /bin/bash test # egrep ^test: /etc/passwd test:x:17157:17157::/home/test:/bin/bash # usermod -s /bin/idontexist test # egrep ^test: /etc/passwd test:x:17157:17157::/home/test:/bin/idontexist # usermod -s "some constructed command" test # egrep ^test: /etc/passwd test:x:17157:17157::/home/test:some constructed command So why would a provisioning tool want to allow less than the system it manages? Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Martin Zehetmayer commented on PUP-3337 Re: Validation of shell in user resource breaks when using sudo I understand your wish that puppet should not enforce the check that the string as a whole exists as executable but why don't you put your sudo command within the script you execute? Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Moses Mendoza updated an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Moses Mendoza Labels: help_wanted triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Adrien Thebo assigned an issue to Unassigned Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Adrien Thebo Assignee: Kylo Ginsberg Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Adrien Thebo updated an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Adrien Thebo Labels: help_wanted triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Adrien Thebo commented on PUP-3337 Re: Validation of shell in user resource breaks when using sudo I think that Kylo's suggestion is a good one. We could also validate this against chsh: └> chsh -l /bin/sh /bin/bash /bin/zsh /usr/bin/zsh We agree this is likely an improvement, but due to other issues demanding precedence, we don’t anticipate being able to address this any time soon. If you are interested in submitting a patch to the repository for this project at https://github.com/puppetlabs, please open a pull request against https://github.com/puppetlabs/puppet. Add Comment This message was sent by Atlassian
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Robert Scheer commented on PUP-3337 Re: Validation of shell in user resource breaks when using sudo The change in # PUP-1448 broke password management for me and, according to this ticket, other people as well. I received no reaction to my comment there, so I'll repeat my reasoning against validation here: There are lots different restrictions on different operating system. Puppet cannot and should not know about all of them. The provider knows them and will tell you if setting a shell succeeded or failed. No need to try and copy that behaviour, or worse: enforce something unexpected. If the provider allows to configure a non-existing shell, then please don't try to prevent that and trust the provider to handle it. Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Kylo Ginsberg commented on an issue Re: Validation of shell in user resource breaks when using sudo Matching the underlying tool's behavior sounds good, although I don't know how to do that in abstract. Maybe a good-enough middle ground would be to tokenize the shell parameter and run the validation test against the first token? Add Comment Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo We have an special user on our clients used to allow emergency logins if the user has lost his/hers smartcard. This user has a loginshell like this: "/usr/bin/sudo /usr/bin/emerg.sh" This worked fine before, but somewhere along the way a validation of the shell has been introduced which renders the error: "Shell /usr/bin/sudo /usr/bin/emerg.sh must e... This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at h
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Charlie Sharpsteen commented on an issue Re: Validation of shell in user resource breaks when using sudo This issue is a result of changes made in Puppet 3.5.0 by PUP-1448 . In hindsight, the validation added there may be much too restrictive. Should we do any validation above and beyond what the underlying tool, such as chsh, requires? Add Comment Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo We have an special user on our clients used to allow emergency logins if the user has lost his/hers smartcard. This user has a loginshell like this: "/usr/bin/sudo /usr/bin/emerg.sh" This worked fine before, but somewhere along the way a validation of the shell has been introduced which renders the error: "Shell /usr/bin/sudo /usr/bin/emerg.sh must e... This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from thi
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Charlie Sharpsteen updated an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Change By: Charlie Sharpsteen Affects Version/s: 3.7.0 Affects Version/s: 3.5.0 Add Comment This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-3337) Validation of shell in user resource breaks when using sudo
Title: Message Title Adam Winberg created an issue Puppet / PUP-3337 Validation of shell in user resource breaks when using sudo Issue Type: Bug Affects Versions: 3.7.0 Assignee: Kylo Ginsberg Components: Client Created: 24/Sep/14 9:03 AM Priority: Normal Reporter: Adam Winberg We have an special user on our clients used to allow emergency logins if the user has lost his/hers smartcard. This user has a loginshell like this: "/usr/bin/sudo /usr/bin/emerg.sh" This worked fine before, but somewhere along the way a validation of the shell has been introduced which renders the error: "Shell /usr/bin/sudo /usr/bin/emerg.sh must exist" Add Comment
