Looking over the documentation, I think this code has a file handle leak; you are supposed to call Etc.endpwent() to close the file.
It looks to me like the Etc module is too low-level to be appropriate for this use case. Also, the documentation is not clear on whether it uses nsswitch, or reads /etc/passwd directly. Using nsswitch would pick up users from sources like LDAP, winbindd or other sources.
Kevin Keane
The NetTech
Our values: Privacy, Liberty, Justice
See https://www.4nettech.com/corp/the-nettech-values.html
-----Original message-----
From: Matthew Moretti werebus@gmail.com
Sent: Sunday 1st March 2015 19:54
To: chef@lists.opscode.com
Subject: [chef] Re: Re: Re: Re: How to detect user does exist?
Documentation for Ruby’s ‘Etc’ module is here http://ruby-doc.org/stdlib-2.0/libdoc/etc/rdoc/Etc.html . You could use it in place of your shell guard like so:
group “sensu” do
action :modify
members "vagrant"
append true
only_if { Etc.getpwnam(‘vagrant’) rescue false }
end
The “rescue” is required because .getpwnam raises an exception if the user can’t be found. If you want to avoid the sin of in-line “rescue”, this is a bit better:
group “sensu” do
action :modify
members "vagrant"
append true
only_if do
begin
Etc.getpwnam(‘vagrant’)
rescue ArgumentError
false
end
end
end
I’ll be honest, I prefer the “getent passwd vagrant” solution more. It’s easier to read, and isn’t any less efficient or more platform dependent than the Ruby solution as far as I can tell.
Matt Moretti
On Sun, Mar 1, 2015 at 8:47 PM, Anthony Kong <anthony.hw.kong@gmail.com mailto:anthony.hw.kong@gmail.com > wrote:
Hi Mark,
Can you shed more light on it? Do you have a url to the documentation or some example?
Cheers,
Tony Kong
blog: www.ahwkong.com http://www.ahwkong.com
linkedin: www.linkedin.com/in/anthonykong http://www.linkedin.com/in/anthonykong
Don’t EVER make the mistake that you can design something better than what you get from ruthless massively parallel trial-and-error with a feedback cycle. That’s giving your intelligence much too much credit.
- Linus Torvalds
On Mon, Mar 2, 2015 at 4:12 AM, Mark Pimentel <markpimentel22@gmail.com mailto:markpimentel22@gmail.com > wrote:
For a more ruby-esque way you can use the built-in method Etc.
On Feb 28, 2015 5:56 PM, “Eric Helgeson” <erichelgeson@gmail.com mailto:erichelgeson@gmail.com > wrote:
Hey Anthony,
You can use a guard in this case to check and execute the resource ‘only_if’ the condition is true. You can use ruby or specify a command.
$ cat test.rb
group "sensu" do
action :modify
members "vagrant"
append true
only_if "getent passwd vagrant"
end
$ chef-apply test.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* group[sensu] action modify (skipped due to only_if)
More info on Guards - https://docs.chef.io/resource_common.html#guards
Grabbed the guard form this post - http://stackoverflow.com/questions/24856339/chef-initialize-new-linux-user-if-it-doesnt-already-exist http://stackoverflow.com/questions/24856339/chef-initialize-new-linux-user-if-it-doesnt-already-exist
HTH
-Eric Helgeson
@nulleric
http://usingchef.com http://usingchef.com
On Sat, Feb 28, 2015 at 4:42 PM, Anthony Kong <anthony.hw.kong@gmail.com mailto:anthony.hw.kong@gmail.com > wrote:
Hi
I have this definition on my cookbook
group “sensu” do
action :modify
members “vagrant”
append true
end
it will throw an exception when I run it on ec2 because there is no user vagrant
How can I avoid the exception? Is there any way to detect the user exist? I have checked the doc https://docs.chef.io/resource_group.html but there is nothing obvious
Cheers,