[BUG] Saltstack's `user.present` Module Doesn't Like a `$HOME` of `/dev/null`
ferricoxide opened this issue · 0 comments
ferricoxide commented
Describe the bug
The `el8/STIGbyID/cat2/RHEL-08-020180.sls` errors out when attempting to remediate the `tss` user account with the Saltstack `user.present` module.
Severity
Causes fatal error in execution of watchmaker
To Reproduce
Steps to reproduce the behavior:
- Provision a CentOS 8-stream or Oracle Linux 8 system
- Run watchmaker in either highstate or just the `el8.STIGbyID.cat2.RHEL-08-020180` state.
- Wait for watchmaker to exit (non-zero)
- Review execution-logs and find output similar to:
```
2023-04-25 17:57:28,678 [watchmaker][CRITICAL][6597]: Traceback (most recent call last):
  File "/usr/local/bin/watchmaker", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/watchmaker/cli.py", line 115, in main
    sys.exit(watchmaker_client.install())
  File "/usr/local/lib/python3.9/site-packages/watchmaker/__init__.py", line 410, in install
    workers_manager.worker_cadence()
  File "/usr/local/lib/python3.9/site-packages/watchmaker/managers/worker_manager.py", line 64, in worker_cadence
    worker.install()
  File "/usr/local/lib/python3.9/site-packages/watchmaker/workers/salt.py", line 817, in install
    self.process_states(self.salt_states, self.exclude_states)
  File "/usr/local/lib/python3.9/site-packages/watchmaker/workers/salt.py", line 631, in process_states
    raise WatchmakerError(
watchmaker.exceptions.WatchmakerError: Salt state execution failed:
  Set minimum password lifetime for tss:
    __id__: Set minimum password lifetime for tss
    __run_num__: 84
    __sls__: ash-linux.el8.STIGbyID.cat2.RHEL-08-020180
    changes: {}
    comment: "An exception occurred in this state: Traceback (most recent call\
      \ last):\n File \"salt/state.py\", line 2276, in call\n ret = self.states[cdata[\"\
      full\"]](\n File \"salt/loader/lazy.py\", line 149, in __call__\n \
      \ return self.loader.run(run_func, *args, **kwargs)\n File \"salt/loader/lazy.py\"\
      , line 1228, in run\n return self._last_context.run(self._run_as, _func_or_method,\
      \ *args, **kwargs)\n File \"salt/loader/lazy.py\", line 1243, in _run_as\n\
      \ return _func_or_method(*args, **kwargs)\n File \"salt/loader/lazy.py\"\
      , line 1276, in wrapper\n return f(*args, **kwargs)\n File \"/opt/saltstack/salt/run/salt/states/user.py\"\
      , line 658, in present\n __salt__[\"file.mkdir\"](val, pre[\"uid\"\
      ], pre[\"gid\"], 0o755)\n File \"salt/loader/lazy.py\", line 149, in\
      \ __call__\n return self.loader.run(run_func, *args, **kwargs)\n File\
      \ \"salt/loader/lazy.py\", line 1228, in run\n return self._last_context.run(self._run_as,\
      \ _func_or_method, *args, **kwargs)\n File \"salt/loader/lazy.py\", line\
      \ 1243, in _run_as\n return _func_or_method(*args, **kwargs)\n File\
      \ \"/opt/saltstack/salt/run/salt/modules/file.py\", line 6458, in mkdir\n\
      \ makedirs_perms(directory, user, group, mode)\n File \"/opt/saltstack/salt/run/salt/modules/file.py\"\
      , line 6550, in makedirs_perms\n os.mkdir(name)\nFileExistsError: [Errno\
      \ 17] File exists: '/dev/null'\n"
    duration: 23.917
    name: tss
    result: false
```
Expected behavior
All users should either show that their `mindays` password-aging attribute has been updated or has been skipped due to specific reasons.
Deviance Description
Accounts, like the `tss` user, that have `/dev/null` as their `${HOME}` cause the Saltstack `user.present` module to fail.
Screenshots
Additional context
Fix Suggestions
Add a further `onlyif` condition to cause accounts with `/dev/null` as their `${HOME}` to be skipped.
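
An added sketch of the skip condition suggested above; it is not code from ash-linux, watchmaker or Salt. It classifies accounts by whether creating their home as a directory would hit the `FileExistsError` seen in the traceback. The function names and the passwd sample are constructed for illustration.

```python
import os

# Constructed passwd(5) sample; the tss entry mirrors the issue (home = /dev/null).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
tss:x:59:59:Account used for TPM access:/dev/null:/sbin/nologin
svc_app:x:1001:1001::/home/svc_app:/bin/bash
"""


def parse_passwd(text):
    """Yield (name, home) for each well-formed, non-comment passwd line."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            yield fields[0], fields[5]


def home_is_safe(home, exists=os.path.exists, isdir=os.path.isdir):
    """False when `home` exists but is not a directory (e.g. /dev/null),
    which is the case where a directory-creating call fails."""
    return not (exists(home) and not isdir(home))


def plan(text, **probe):
    """Split accounts into (remediate, skip) using home_is_safe()."""
    remediate, skip = [], []
    for name, home in parse_passwd(text):
        (remediate if home_is_safe(home, **probe) else skip).append(name)
    return remediate, skip


def mkdir_failure(path):
    """Return the exception class name raised by os.mkdir(path), or None."""
    try:
        os.mkdir(path)
    except OSError as exc:
        return type(exc).__name__
    return None


if __name__ == "__main__":
    print(plan(SAMPLE_PASSWD))
    print(mkdir_failure(os.devnull))
```

The `exists` and `isdir` parameters let the predicate be exercised against a fake filesystem; an `onlyif` guard in the state would need to express the same test.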