"FATAL: Wrong number of arguments" running chef-server-ctl user-create if password contains shell characters that aren't escaped, even if quoted

[kenny-evitt]

Am I missing something?

From Install the Chef Server — Chef Server:

Run the following command to create an administrator:

$ chef-server-ctl user-create user_name first_name last_name email password --filename FILE_NAME

An RSA private key is generated automatically. This should be saved to a safe location. The --filename option will save the RSA private key to a specified path.

And that mostly matches the help text when running chef-server-ctl user-create with no arguments:

USAGE: knife opc user create USERNAME FIRST_NAME [MIDDLE_NAME] LAST_NAME EMAIL PASSWORD
    -s, --server-url URL             Chef Server URL
        --chef-zero-host HOST        Host to start chef-zero on
        --chef-zero-port PORT        Port to start chef-zero on
    -k, --key KEY                    API Client Key
        --[no-]color                 Use colored output, defaults to false on Windows, true otherwise
    -c, --config CONFIG              The configuration file to use
        --defaults                   Accept default values for all questions
    -d, --disable-editing            Do not open EDITOR, just accept the data as is
    -e, --editor EDITOR              Set the editor to use for interactive commands
    -E, --environment ENVIRONMENT    Set the Chef environment (except for in searches, where this will be flagrantly ignored)
    -f, --filename FILENAME          Write private key to FILENAME rather than STDOUT
    -F, --format FORMAT              Which format to use for output
    -z, --local-mode                 Point knife commands at local repository instead of server
    -u, --user USER                  API Client Username
    -o, --orgname ORGNAME            Associate new user to an organization matching ORGNAME
        --print-after                Show the data after a destructive operation
    -V, --verbose                    More verbose output. Use twice for max verbosity
    -v, --version                    Show chef version
    -y, --yes                        Say yes to all prompts for confirmation
    -h, --help                       Show this message

So why is this not working:

sudo chef-server-ctl user-create kenny-evitt Kenny Evitt kenny@example.org '>w3ma}AC@eLAo!nm' --filename /home/kenny/chef-kenny_evitt.key

That's the actual password I was trying to use.

How or why is this not working? Is it not in fact necessary to create an admin user? Or is there some other way to do this? Is the documentation, and the command help text, just wrong?

I installed and configure the latest version of Chef Server (package chef-server-core_12.0.3-1_amd64.deb) on an Ubuntu 14.04 x64 VM running on DigitalOcean.

[stevendanna]

The issue is that the password starts with >. It appears we aren't escaping shell characters before we shell out to the underlying knife-opc commands:

https://github.com/chef/opscode-omnibus/blob/master/files/private-chef-ctl-commands/wrap-knife-opc.rb

Thus, that is being treated as a redirect in the underlying command. My guess is that if you look in the directory where you ran this command, you have a file named: "w3ma}AC@eLAo!nm"

[kenny-evitt]

@stevendanna you're absolutely correct about the file w3ma}AC@eLAo!nm having been created.

[kenny-evitt]

@stevendanna I was able to get this to work by escaping the password:

sudo chef-server-ctl user-create kenny-evitt Kenny Evitt kenny@evitt.org '\>w3ma\}AC\@eLAo\!nm' --filename /home/kenny/chef-kenny_evitt.key --verbose --verbose

I'm going to check that the password matches what I intended.

[stevendanna]

@kenny-evitt Thanks. I've posted a possible fix to the opscode-omnibus repo. As you found, escaping any special shell characters should allow you to work around this issue.

[kenny-evitt]

@stevendanna I was able to login to Chef Manage just now so the password matches.

Should I leave this issue open until a fix has been made?

[stevendanna]

@kenny-evitt Fine to leave it open, I'll close all related issues when the fix is released.

[kenny-evitt]

@stevendanna thanks!