Project

General

Profile

Actions

Bug #12940

closed

Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync

Added by Marcos M almost 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
XMLRPC
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:

Description

In an HA configuration, deleting a user (System / User Manager) will only delete the user home directory on the primary node. This can lead to a permissions issue with ssh keys on the secondary node when a user by the same name is recreated.

  1. create user1 with ssh key on primary node
  2. wait for xmlrpc sync then delete user1
    /home/user1 still exists on secondary node
  3. create user1 with ssh key on primary node
  4. secondary node now has:
    ls -la /home/user1/
    drwx------  2 2005   nobody     3 Mar  5 15:55 .ssh
    
Actions #1

Updated by Jim Pingle almost 3 years ago

  • Subject changed from Home directories for deleted users reamain on secondary node to Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
  • Category changed from High Availability to XMLRPC
Actions #2

Updated by Viktor Gurov almost 3 years ago

  • Assignee set to Viktor Gurov
Actions #3

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to Pull Request Review
Actions #4

Updated by Jim Pingle almost 3 years ago

  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
Actions #5

Updated by Marcos M almost 3 years ago

This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:

  1. Create user1 with SSH key and wait for xmlrpc sync.
  2. Delete user1.
  3. Apply patch to both nodes.
  4. Create user1 with SSH key and wait for xmlrpc sync.
    Old .ssh dir with old permissions still exists on backup node.
  5. Delete user1.
    Old .ssh dir with old permissions still exists on backup node.
Actions #6

Updated by Viktor Gurov over 2 years ago

Marcos Mendoza wrote in #note-5:

This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:

  1. Create user1 with SSH key and wait for xmlrpc sync.
  2. Delete user1.
  3. Apply patch to both nodes.
  4. Create user1 with SSH key and wait for xmlrpc sync.
    Old .ssh dir with old permissions still exists on backup node.
  5. Delete user1.
    Old .ssh dir with old permissions still exists on backup node.

may be related to #10784

Actions #7

Updated by Viktor Gurov over 2 years ago

  • Status changed from Pull Request Review to Feedback
Actions #8

Updated by Viktor Gurov over 2 years ago

  • Status changed from Feedback to New

Viktor Gurov wrote in #note-6:

Marcos Mendoza wrote in #note-5:

This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:

  1. Create user1 with SSH key and wait for xmlrpc sync.
  2. Delete user1.
  3. Apply patch to both nodes.
  4. Create user1 with SSH key and wait for xmlrpc sync.
    Old .ssh dir with old permissions still exists on backup node.
  5. Delete user1.
    Old .ssh dir with old permissions still exists on backup node.

may be related to #10784

Confirmed
same issue with ~/.keephistory

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/684

Actions #9

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Pull Request Review
Actions #10

Updated by Jim Pingle over 2 years ago

  • Status changed from Pull Request Review to Feedback

Fix was merged + needed a syntax fix.

Actions #11

Updated by Marcos M over 2 years ago

  • Status changed from Feedback to Resolved

Tested on 22.05.a.20220328.0600. Works as expected.

Actions

Also available in: Atom PDF