Looking over the documentation, I think this code has a file handle leak; you are supposed to call Etc.endpwent() to close the file.
It looks to me like the Etc module is too low-level to be appropriate for this use case. Also, the documentation is not clear on whether it uses nsswitch, or reads /etc/passwd directly. Using nsswitch would pick up users from sources like LDAP, winbindd or other sources.
Kevin Keane
The NetTech
http://www.4nettech.com
Our values: Privacy, Liberty, Justice
See https://www.4nettech.com/corp/the-nettech-values.html
-----Original message-----
From: Matthew Moretti < >
Sent: Sunday 1st March 2015 19:54
To:
Subject: [chef] Re: Re: Re: Re: How to detect user does exist?Documentation for Ruby’s ‘Etc’ module is here. You could use it in place of your shell guard like so:
group "sensu" do action :modify members "vagrant" append true only_if { Etc.getpwnam('vagrant') rescue false } end
The “rescue” is required because
.getpwnam
raises an exception if the user can’t be found. If you want to avoid the sin of in-line “rescue”, this is a bit better:
group "sensu" do action :modify members "vagrant" append true only_if do begin Etc.getpwnam('vagrant') rescue ArgumentError false end end end
I’ll be honest, I prefer the “getent passwd vagrant” solution more. It’s easier to read, and isn’t any less efficient or more platform dependent than the Ruby solution as far as I can tell.
Matt Moretti
On Sun, Mar 1, 2015 at 8:47 PM, Anthony Kong < " target="_blank" title="This external link will open in a new window"> > wrote:Hi Mark,Can you shed more light on it? Do you have a url to the documentation or some example?Cheers,Tony Kongblog: www.ahwkong.comlinkedin: www.linkedin.com/in/anthonykongDon’t EVER make the mistake that you can design something better than what you get from ruthless massively parallel trial-and-error with a feedback cycle. That’s giving your intelligence much too much credit.
- Linus TorvaldsOn Mon, Mar 2, 2015 at 4:12 AM, Mark Pimentel < " target="_blank" title="This external link will open in a new window"> > wrote:For a more ruby-esque way you can use the built-in method Etc.
On Feb 28, 2015 5:56 PM, "Eric Helgeson" < " target="_blank" title="This external link will open in a new window"> > wrote:Hey Anthony,
You can use a guard in this case to check and execute the resource 'only_if' the condition is true. You can use ruby or specify a command.
```
$ cat test.rb
group "sensu" doaction :modifymembers "vagrant"append trueonly_if "getent passwd vagrant"
end
$ chef-apply test.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* group[sensu] action modify (skipped due to only_if)
```Grabbed the guard form this post - http://stackoverflow.com/questions/24856339/chef-initialize-new-linux-user-if-it-doesnt-already-existHTHOn Sat, Feb 28, 2015 at 4:42 PM, Anthony Kong < " target="_blank" title="This external link will open in a new window"> > wrote:HiI have this definition on my cookbookgroup "sensu" do
action :modify
members "vagrant"
append true
end
it will throw an exception when I run it on ec2 because there is no user vagrantHow can I avoid the exception? Is there any way to detect the user exist? I have checked the doc https://docs.chef.io/resource_group.html but there is nothing obviousCheers,
Archive powered by MHonArc 2.6.16.