using augeas to add a user to the system

By thomas, 18 March, 2013

The scenario is that users are controlled by sssd and you want to add a user locally for those times when your connection to your password backend goes down. Useradd won't let you do it though, because the user already exists. I figured augeas would be the perfect way to do that, but I kept hitting a problem: augeas would fail.


augtool> save
error: Failed to execute command
saving failed (run 'print /augeas//error' for details)
augtool> print /augeas//error
/augeas/files/etc/passwd/error = "put_failed"
/augeas/files/etc/passwd/error/path = "/files/etc/passwd/tuphill"
/augeas/files/etc/passwd/error/lens = "/usr/share/augeas/lenses/dist/passwd.aug:33.18-41.21:"
/augeas/files/etc/passwd/error/message = "Failed to match \n { /password/ = /([^\\001-\\004\\n:]+)?/ }{ /uid/ = /[0-9]+/ }{ /gid/ = /[0-9]+/ }{ /name/ = /([^\\001-\\004\\n:]+)?/ }{ /home/ = /([^\\001-\\004\\n:]+)?/ }{ /shell/ = /([^\\001-\\004\\t\\n ][^\\001-\\004\\n]*[^\\001-\\004\\t\\n ]|[^\\001-\\004\\t\\n ])?/ }\n with tree\n { \"shell\" = \"/bin/bash\n\" } { \"name\" = \"tuphill\" } { \"password\" = \"x\" } { \"uid\" = \"500\" }"

After a bit of staring I realized the answer was right in front of me: the order in which you add the fields to the record is important. The lens has the order set, but when I add to the record using augtool, the order is just whatever I happened to do. So the following is the correct way to get everything in order.

augtool> ins tuphill after /files/etc/passwd/*[last()]
augtool> set /files/etc/passwd/tuphill/password x
augtool> set /files/etc/passwd/tuphill/uid 500
augtool> set /files/etc/passwd/tuphill/gid 500
augtool> set /files/etc/passwd/tuphill/name tuphill
augtool> set /files/etc/passwd/tuphill/home /home/tuphill
augtool> set /files/etc/passwd/tuphill/shell /bin/bash
augtool> save
Saved 1 file(s)

Now I can get rid of my stopping of sssd before adding the user. Next is to rewrite this as a defined type in puppet so I can just do something like:

aug_user { 'tuphill':
  uid      => 500,
  gid      => 500,
  password => 'x',
  home     => '/home/tuphill',
  shell    => '/bin/bash',
}
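
One way the `aug_user` defined type could be written, as an added example that is not the author's code. The parameter names follow the usage sketched above; the `gecos` parameter, the validation patterns and the resource title are assumptions, and typed parameters require Puppet 4 or later.

```puppet
# Hypothetical defined type (added example, not from the original post).
define aug_user (
  Integer[0]               $uid,
  Integer[0]               $gid,
  Pattern[/\A\/[^:\s]*\z/] $home,
  Pattern[/\A\/[^:\s]*\z/] $shell    = '/bin/bash',
  Pattern[/\A[^:\s]+\z/]   $password = 'x',
  Pattern[/\A[^:'\n]*\z/]  $gecos    = $title,
) {
  # The title becomes an Augeas node label and a passwd field, so reject
  # anything that is not a plain login name before it reaches a command.
  if $title !~ /\A[a-z_][a-z0-9_-]*\z/ {
    fail("aug_user: invalid login name '${title}'")
  }

  $entry = "/files/etc/passwd/${title}"

  augeas { "aug_user_${title}":
    # Load only /etc/passwd with the Passwd lens.
    incl    => '/etc/passwd',
    lens    => 'Passwd.lns',
    # Act only when the local file has no entry for this login yet,
    # so repeated runs do not insert a duplicate record.
    onlyif  => "match ${entry} size == 0",
    # Field order must follow the Passwd lens, as in the augtool session:
    # password, uid, gid, name, home, shell.
    changes => [
      "ins ${title} after /files/etc/passwd/*[last()]",
      "set ${entry}/password ${password}",
      "set ${entry}/uid ${uid}",
      "set ${entry}/gid ${gid}",
      "set ${entry}/name '${gecos}'",
      "set ${entry}/home ${home}",
      "set ${entry}/shell ${shell}",
    ],
  }
}
```

With `password => 'x'` the hash is looked up in /etc/shadow, so the local account has no usable password until a matching shadow entry exists.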