master.passwd out of sync
Per Hedeland
per at hedeland.org
Tue Sep 3 20:38:56 UTC 2019
On 2019-09-03 15:08, Albert Shih wrote:
> Le 03/09/2019 à 13:46:17+0200, Per Hedeland a écrit
>>>
>>> Of course, you can still do as you state here and run pwd_mkdb(8) but better to use the right tool for the job.
>>
>> Well, the "new" pw(8) that Albert uses is just as much "the right
>> tool" as the traditional vipw(8), and arguably more "user friendly".
>> With vipw(8) you obviously update /etc/master.passwd yourself, while
>> pw(8) does that for you - and both of them update /etc/passwd and the
>> databases /etc/spwd.db and /etc/pwd.db, from /etc/master.passwd,
>> ultimately using pwd_mkdb(8).
>>
>> The other difference is that vipw(8) completely re-generates
>> /etc/passwd and the databases, while pw(8) updates only the specific
>> user entry (the -u option is passed to pwd_mkdb(8)). Apparently it's
>> this single user entry update that is failing - or at least the
>> getpwnam() check for the added user that pw(8) does fails - vipw(8)
>> (or pwdb(8) without -u) doesn't do any such check, since they update
>> "everything".
>>
>> Anyway Albert, you obviously "shouldn't" get that error message from
>> pw(8), and you "shouldn't" need to run pwd_mkdb(8) yourself after
>> using pw(8). Are you running NIS? And if so, do you use the -Y option
>> to pw(8)? Since you say that you only get the problem "sometimes", one
>> *guess* is that NIS may not be updated (yet) at the point when pw(8)
>> does the getpwnam() check. *If* that is the case, running pwd_mkdb(8)
>> surely won't help - but the passing of time may fix it...
>
> To be precise.
>
> The creation of the account are launch through puppet agent. The agent
> crash on the error :
>
> Error: Could not create user XXXXXX: Execution of '/usr/sbin/pw useradd XXXXXX -d /home/XXXXXX -u 22607 -g YYY -s /usr/local/bin/bash -G network,wheel -m' returned 67: pw: user 'XXXXXX' disappeared during update
> Error: /Stage[main]/ZZZ::Accounts::XXXXXX_account/User[XXXXXX]/ensure: change from 'absent' to 'present' failed: Could not create user XXXXXX: Execution of '/usr/sbin/pw useradd XXXXXX -d /home/XXXXXX -u 22607 -g YYY -s /usr/local/bin/bash -G nagios,network,wheel -m' returned 67: pw: user 'XXXXXX' disappeared during update
>
> So I try the command manually, and end up with the same error (whew....). I
> check the puppet provider and it indeed do exactly what it say (and just it say)
>
> No account are create actually manually on those server, well more than
> that generaly no connexion on those server.
>
> So I run the pwd_mkdb -u and everything work again.
Did you see something not work (besides the error message) before
running pwd_mkdb? E.g. was the new user actually missing from
/etc/passwd?
> When I writing this answer, something occur to me....all server with
> problem are no so long ago upgrade from 11.2 to 12.0 with freebsd-update.
>
> So maybe the problem are from the freebsd-update, they are a old bug report
> (fix according https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232921 ) about this problem.
It's not about "this problem", but about the fact that the upgrade
adds a user (ntpd) to /etc/master.passwd without running pwd_mkdb *at
all* - thus the new user effectively doesn't exist. But it might be a
possibility that the out-of-date /etc/passwd / /etc/spwd.db /
/etc/pwd.db somehow causes the "single user entry update" to fail.
--Per
> I will try again with the next upgrade from 11.2 to 12.
>
> Regards
>
> --
> Albert SHIH
> Observatoire de Paris
> xmpp: jas at obspm.fr
> Heure local/Local time:
> Tue 03 Sep 2019 02:57:01 PM CEST
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list