macos_user ignores certain sysadminctl errors, no error raised in Chef run #197

Closed
hawksight opened this issue May 2, 2019 · 2 comments

@hawksight

Describe the Bug

When you create a macos_user using the resource from this cookbook, the actual user creation may well fail, but Chef seems to think it has succeeded anyway because the command has run.

For example, if you have configuration to create a user, but the password does not meet the requirements, the command fails. However Chef reports back green and continues with the run.

This is problematic as it led me to debugging the wrong step of my cookbook, the step after which depended on the success of the previous user creation.

Error Message

An example error message when the password does not meet requirements:

2019-05-02 13:40:31.419 sysadminctl[2801:17519] New account password error.  (5402)

Chef Exception

Looking in the debug logs of a chef-client run:

* execute[add user auser] action run[2019-05-02T13:36:07+01:00] INFO: Processing execute[add user auser] action run (/var/chef/cache/cookbooks/macos/resources/macos_user.rb line 79)

  [execute] 2019-05-02 13:36:08.057 sysadminctl[2180:14017] New account password error.  (5402)
[2019-05-02T13:36:08+01:00] INFO: execute[add user auser] ran successfully
  - execute ["/usr/sbin/sysadminctl", "-adminUser", "admin", "-adminPassword", "redacted", "-addUser", "auser", "-fullName", "Another User", "-password", "redacted", ""]

If you run it manually, the problem is probably a return code of 0, as shown below:

IMAC4:~ admin$ sudo /usr/sbin/sysadminctl -adminUser admin -adminPassword redacted -addUser auser -fullName "Another User" -password "redacted"
2019-05-02 13:40:31.419 sysadminctl[2801:17519] New account password error.  (5402)
IMAC4:~ admin$ echo $?
0

A good way to recreate this is to use green in a password, because it defies the consecutive character rule Apple has. I guess this only applies when you have not set a custom password policy.

Would there be any way to add validation to the resource after an account is created?

@americanhanko
Collaborator

Thanks for the bug submission, @hawksight.

Can you give us some more details about the structure of the password you're passing or the password policy you're using? Are you AD joined or do you have FileVault enabled?

@hawksight
Author

Sure. The machine is managed initially by Fleetsmith. FileVault is enabled and Firewall.

The password policy set up and enforced with Fleetsmith is as per the screenshot currently.
Screenshot 2019-05-03 at 16 51 42

The actual password I was using was a two word combination with a special and a number. The word that was failing was green as shown when I tried to set this manually on the mac:
Screenshot 2019-05-03 at 16 58 12

Consecutive es

@jazaval jazaval changed the title [BUG] macos_user fails but succeeds in chef macos_user ignores certain sysadminctl errors, no error raised in Chef run May 8, 2019
@jazaval jazaval changed the title macos_user ignores certain sysadminctl errors, no error raised in Chef run macos_user ignores certain sysadminctl errors, no error raised in Chef run May 8, 2019
@jazaval jazaval mentioned this issue Mar 29, 2022
@jazaval jazaval closed this as completed Apr 19, 2022