[chef] Re: Re: Re: Re: Check if a user exists?


  • From: Alexander Skwar
  • Subject: [chef] Re: Re: Re: Re: Check if a user exists?
  • Date: Thu, 24 Sep 2015 09:07:37 +0200

Hi Matthew

Okay, Etc.passwd works:

$ irb
irb(main):001:0> require "etc"
=> true
irb(main):002:0> Etc.getpwnam("ask")
=> #<struct Struct::Passwd name="ask", passwd="*", uid=10000, gid=10000, gecos="Alexander Skwar", dir="/home/ask", shell="/usr/bin/zsh">

That is from IPA. But Ohai doesn't. I suppose it is because e.g. "getent passwd" (no further arguments) also doesn't list ALL accounts. "getent passwd foo" returns the data for the user "foo", even if it is in IPA (or sss, for that matter).

I'm not changing nsswitch after the chef run has started.

Best regards,
Alexander


2015-09-23 15:49 GMT+02:00 Matthew Moretti:

Ohai uses ruby’s Etc.passwd (https://github.com/chef/ohai/blob/master/lib/ohai/plugins/passwd.rb) to get user data which should include other sources that are in nsswitch.

I know that Ohai includes external sources because it’s very common for people with LDAP enabled to disable that particular Ohai plugin (since by default it’ll load your whole directory and store it in the node data).

There is, however, an issue when nsswitch changes after the Chef run has started. Because of a limitation in the underlying C library, those changes don’t get picked up by already running processes. (https://tickets.opscode.com/browse/CHEF-3780) Perhaps that’s your issue here?

Matt Moretti

On Wed, Sep 23, 2015 at 8:52 AM, Alexander Skwar wrote:

Hi

I don't have knife, I'm using chef-solo. Should've mentioned this, sorry :/

Well, but, no. For local users, ohai seems usable (→ "And "node['etc']['passwd']['local']" is not nil."). node['etc']['passwd']['root'] returns "something".

But for not local users (which are in sssd), ohai doesn't seem to work. As I said, for users stored in IPA, I get "nil" (→ "But "node['etc']['passwd']['ask']" is "nil""), when I check node['etc']['passwd']['ipa-username'].

What's the correct way to check if a user exists, if the user isn't local?

Regards,
Alexander

 

2015-09-23 14:13 GMT+02:00 Barthélemy Vessemont:
Just use ohai !!!

Ohai gathers up all system users:

> knife search 'name:my-server' -a etc.passwd.root.uid -a etc.passwd.root.gid

my-server:
  etc.passwd.root.gid: 0
  etc.passwd.root.uid: 0


On Wed, Sep 23, 2015 at 10:15 AM, Alexander Skwar wrote:
Hello

We're using an IPA server to store user accounts and such and Ubuntu clients with FreeIPA to access this. I would now like to do something, based on the existence of a user account in IPA.

How can I check if a user exists?



On Stack Overflow, I found this:


Ohai queries the users on the system for you:

if node['etc']['passwd']['random']
  # Do deploy
end


But this only works with local accounts; it does not work with accounts in IPA. In our nsswitch.conf, there's:

$ grep passwd /etc/nsswitch.conf 
passwd:         files sss


With getent, I can query accounts.

$ getent passwd ask
ask:*:10000:10000:Alexander Skwar:/home/ask:/usr/bin/zsh
$ getent passwd example-does-not-exist
$ getent passwd local
local:x:1000:1000::/home/local:/bin/zsh

"ask" is stored in IPA; "example-does-not-exist" is a non-existent account; "local" is a user from /etc/passwd.

But "node['etc']['passwd']['ask']" is "nil". And "node['etc']['passwd']['local']" is not nil.

How can I check if a user exists? Do I really have to resort to calling getent?

Thanks,
Alexander



--
Barthélemy Vessemont
Computer engineer, graduate of UTC (Compiègne)
Chef contributor



--

Alexander -- => Google+ => http://plus.skwar.me <== => Chat (Jabber/Google Talk) => <==
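
The gap this thread runs into, as an added example (not code from the thread or from Ohai): data built by enumerating accounts, which is how node['etc']['passwd'] is filled via Etc.passwd, can miss a user that a direct name lookup with Etc.getpwnam resolves. The function names, the Entry struct and the SAMPLE_* data are constructed for illustration and mirror the accounts shown in the thread; the defaults call Ruby's real Etc module.

```ruby
require "etc"

# Classify how an account is visible through NSS:
#   exists     - a direct name lookup (Etc.getpwnam / `getent passwd NAME`) finds it
#   enumerated - walking all entries (Etc.passwd / bare `getent passwd`) lists it
#
# by_name:   callable returning an entry, raising ArgumentError for an unknown
#            user (this is how Etc.getpwnam behaves).
# enumerate: callable that yields every entry the NSS sources are willing to list.
def account_visibility(name,
                       by_name: Etc.method(:getpwnam),
                       enumerate: ->(&blk) { Etc.passwd(&blk) })
  begin
    entry = by_name.call(name)
  rescue ArgumentError
    return { exists: false, enumerated: false, uid: nil }
  end

  listed = false
  enumerate.call { |e| listed = true if e.name == name }
  { exists: true, enumerated: listed, uid: entry.uid }
end

# Constructed stand-ins for the setup in the thread (assumption, not real data):
# "root" and "local" come from /etc/passwd, "ask" is served by sss and is
# resolvable by name but not returned when enumerating.
Entry = Struct.new(:name, :uid)
SAMPLE_FILES = [Entry.new("root", 0), Entry.new("local", 1000)].freeze
SAMPLE_SSS   = [Entry.new("ask", 10000)].freeze

SAMPLE_BY_NAME = lambda do |name|
  found = (SAMPLE_FILES + SAMPLE_SSS).find { |e| e.name == name }
  found || raise(ArgumentError, "can't find user for #{name}")
end
SAMPLE_ENUMERATE = ->(&blk) { SAMPLE_FILES.each(&blk) }

# Run the classification against the constructed sample instead of the host.
def sample_visibility(name)
  account_visibility(name, by_name: SAMPLE_BY_NAME, enumerate: SAMPLE_ENUMERATE)
end
```

Called with only a name, account_visibility queries the host's own NSS sources, so its :exists value can serve as a recipe guard where node['etc']['passwd'][name] returns nil for directory users.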



