Bug #12940
closedDeleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
0%
Description
In an HA configuration, deleting a user (System / User Manager) will only delete the user home directory on the primary node. This can lead to a permissions issue with ssh keys on the secondary node when a user by the same name is recreated.
- create user1 with ssh key on primary node
- wait for xmlrpc sync then delete user1
/home/user1
still exists on secondary node - create user1 with ssh key on primary node
- secondary node now has:
ls -la /home/user1/ drwx------ 2 2005 nobody 3 Mar 5 15:55 .ssh
Updated by Jim Pingle almost 3 years ago
- Subject changed from Home directories for deleted users reamain on secondary node to Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
- Category changed from High Availability to XMLRPC
Updated by Viktor Gurov almost 3 years ago
- Assignee set to Viktor Gurov
Updated by Jim Pingle almost 3 years ago
- Status changed from New to Pull Request Review
Updated by Jim Pingle almost 3 years ago
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Updated by Marcos M almost 3 years ago
This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:
- Create user1 with SSH key and wait for xmlrpc sync.
- Delete user1.
- Apply patch to both nodes.
- Create user1 with SSH key and wait for xmlrpc sync.
Old .ssh dir with old permissions still exists on backup node. - Delete user1.
Old .ssh dir with old permissions still exists on backup node.
Updated by Viktor Gurov over 2 years ago
Marcos Mendoza wrote in #note-5:
This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:
- Create user1 with SSH key and wait for xmlrpc sync.
- Delete user1.
- Apply patch to both nodes.
- Create user1 with SSH key and wait for xmlrpc sync.
Old .ssh dir with old permissions still exists on backup node.- Delete user1.
Old .ssh dir with old permissions still exists on backup node.
may be related to #10784
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
Updated by Viktor Gurov over 2 years ago
- Status changed from Feedback to New
Viktor Gurov wrote in #note-6:
Marcos Mendoza wrote in #note-5:
This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:
- Create user1 with SSH key and wait for xmlrpc sync.
- Delete user1.
- Apply patch to both nodes.
- Create user1 with SSH key and wait for xmlrpc sync.
Old .ssh dir with old permissions still exists on backup node.- Delete user1.
Old .ssh dir with old permissions still exists on backup node.may be related to #10784
Confirmed
same issue with ~/.keephistory
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/684
Updated by Jim Pingle over 2 years ago
- Status changed from New to Pull Request Review
Updated by Jim Pingle over 2 years ago
- Status changed from Pull Request Review to Feedback
Fix was merged + needed a syntax fix.
Updated by Marcos M over 2 years ago
- Status changed from Feedback to Resolved
Tested on 22.05.a.20220328.0600
. Works as expected.