Bug #12940
closed
Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
Added by Marcos M over 2 years ago.
Updated over 2 years ago.
Plus Target Version:
22.05
Description
In an HA configuration, deleting a user (System / User Manager) will only delete the user home directory on the primary node. This can lead to a permissions issue with ssh keys on the secondary node when a user by the same name is recreated.
- create user1 with ssh key on primary node
- wait for xmlrpc sync then delete user1
/home/user1 still exists on secondary node
- create user1 with ssh key on primary node
- secondary node now has:
ls -la /home/user1/
drwx------ 2 2005 nobody 3 Mar 5 15:55 .ssh
- Subject changed from Home directories for deleted users remain on secondary node to Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
- Category changed from High Availability to XMLRPC
- Assignee set to Viktor Gurov
- Status changed from New to Pull Request Review
- Target version set to 2.7.0
- Plus Target Version set to 22.05
This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:
- Create user1 with SSH key and wait for xmlrpc sync.
- Delete user1.
- Apply patch to both nodes.
- Create user1 with SSH key and wait for xmlrpc sync.
Old .ssh dir with old permissions still exists on backup node.
- Delete user1.
Old .ssh dir with old permissions still exists on backup node.
Marcos Mendoza wrote in #note-5:
> This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:
> - Create user1 with SSH key and wait for xmlrpc sync.
> - Delete user1.
> - Apply patch to both nodes.
> - Create user1 with SSH key and wait for xmlrpc sync.
> Old .ssh dir with old permissions still exists on backup node.
> - Delete user1.
> Old .ssh dir with old permissions still exists on backup node.
may be related to #10784
- Status changed from Pull Request Review to Feedback
- Status changed from Feedback to New
Viktor Gurov wrote in #note-6:
> Marcos Mendoza wrote in #note-5:
> > This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with the same name will not recreate or delete the .ssh directory. For example:
> > - Create user1 with SSH key and wait for xmlrpc sync.
> > - Delete user1.
> > - Apply patch to both nodes.
> > - Create user1 with SSH key and wait for xmlrpc sync.
> > Old .ssh dir with old permissions still exists on backup node.
> > - Delete user1.
> > Old .ssh dir with old permissions still exists on backup node.
> may be related to #10784
Confirmed
same issue with ~/.keephistory
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/684
- Status changed from New to Pull Request Review
- Status changed from Pull Request Review to Feedback
Fix was merged + needed a syntax fix.
- Status changed from Feedback to Resolved
Tested on 22.05.a.20220328.0600. Works as expected.
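A check an administrator could run on the secondary node to find the leftovers described in this issue, as an added example that is not pfSense code or part of the original report. It assumes home directories live under /home and accounts are listed in /etc/passwd; the function names `audit_homes` and `owner_uid` are hypothetical.

```shell
#!/bin/sh
# Added example (not pfSense code): audit home directories for leftovers of
# deleted or recreated accounts, as described in this issue.
#
# Usage (assumed paths): audit_homes /home /etc/passwd
#
# Prints one line per finding:
#   ORPHAN   <path> uid=<n>            no account is named after the directory
#   MISMATCH <path> uid=<n> want=<m>   path is owned by a UID other than the account's

owner_uid() {
    # ls -n prints numeric IDs; field 3 is the owner UID on both BSD and Linux.
    ls -ldn "$1" | awk '{ print $3 }'
}

audit_homes() {
    home_root=$1
    passwd_file=$2
    for dir in "$home_root"/*/; do
        [ -d "$dir" ] || continue          # unmatched glob stays literal
        dir=${dir%/}
        name=${dir##*/}
        # UID the account database assigns to this name (empty if no account).
        want=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$passwd_file")
        if [ -z "$want" ]; then
            # Home directory survived the deletion of its user.
            echo "ORPHAN $dir uid=$(owner_uid "$dir")"
            continue
        fi
        # The issue names .ssh and .keephistory as the paths that kept the
        # old owner after a user with the same name was recreated.
        for path in "$dir" "$dir/.ssh" "$dir/.keephistory"; do
            [ -e "$path" ] || continue
            have=$(owner_uid "$path")
            [ "$have" = "$want" ] || echo "MISMATCH $path uid=$have want=$want"
        done
    done
    return 0
}
```

A MISMATCH line on `.ssh` corresponds to the `drwx------ 2 2005 nobody` listing in the description, where the directory is still owned by the numeric UID of the deleted account.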