Open Bonifucksy opened 1 year ago
Folks, I did some additional testing on this. In addition to returning wrong usernames for users with the same UID, the module returns usernames only if a user with the same UID exists in the System zone, and it returns null if you have a user with a unique UID in a non-system zone. Check this out:
Custom zone user with non-unique UID:
--------------------------------------------------------------------------------
Name: user_auto_uid
DN: CN=user_auto_uid,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:zoneinsidezone
Sam Account Name: user_auto_uid
UID: 2001
SID: S-1-5-21-2000583827-658865485-2256679347-1006
Enabled: No
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/testzone/zoneinsidezone/home/user_auto_uid
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-23T18:00:07
Password Last Set: 2022-09-23T17:28:47
Password Expires: No
Shell: /bin/zsh
UPN: user_auto_uid@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
System zone user with the same UID:
--------------------------------------------------------------------------------
Name: winscp_user
DN: CN=winscp_user,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:System
Sam Account Name: winscp_user
UID: 2001
SID: S-1-5-21-1442644921-1582277087-1925991597-1002
Enabled: Yes
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/home/winscp_user
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-23T18:04:08
Password Last Set: 2021-10-28T14:00:34
Password Expires: No
Shell: /bin/zsh
UPN: winscp_user@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
Custom zone user with unique UID:
--------------------------------------------------------------------------------
Name: user3k2
DN: CN=user3k2,CN=Users,DC=DBISILONSIMULATOR
DNS Domain: -
Domain: DBISILONSIMULATOR
Provider: lsa-local-provider:zoneinsidezone
Sam Account Name: user3k2
UID: 3758
SID: S-1-5-21-2000583827-658865485-2256679347-1007
Enabled: No
Expired: No
Expiry: -
Locked: No
Email: -
GECOS: -
Generated GID: No
Generated UID: No
Generated UPN: Yes
Primary Group
ID: GID:1800
Name: Isilon Users
Home Directory: /ifs/testzone/zoneinsidezone/home/user3k2
Max Password Age: 4W
Password Expired: No
Password Expiry: 2022-09-23T18:00:07
Password Last Set: 2022-09-23T17:32:03
Password Expires: No
Shell: /bin/zsh
UPN: user3k2@DBISILONSIMULATOR
User Can Change Password: Yes
--------------------------------------------------------------------------------
Directory on the cluster:
mkdir /ifs/testzone/zoneinsidezone/uid_test_folder
chmod -R +a user 'user3k2' allow dir_gen_read /ifs/testzone/zoneinsidezone/uid_test_folder
chmod -R +a user 'user_auto_uid' allow dir_gen_read,dir_gen_write /ifs/testzone/zoneinsidezone/uid_test_folder
DBISILONSIMULATOR-1# ls -led /ifs/testzone/zoneinsidezone/uid_test_folder
drwxrw---- + 2 root wheel 0 Sep 23 18:09 /ifs/testzone/zoneinsidezone/uid_test_folder
OWNER: user:root
GROUP: group:wheel
0: user:user_auto_uid allow dir_gen_read,dir_gen_write
1: user:user3k2 allow dir_gen_read
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow std_read_dac,std_synchronize,dir_read_attr
The module returns a wrong username (one from the System zone instead of from the custom zone) for one user and just null for another user:
...
"namespace_acl": {
    "acl": [
        {
            "accessrights": [
                "dir_gen_read",
                "dir_gen_write"
            ],
            "accesstype": "allow",
            "inherit_flags": [],
            "op": null,
            "trustee": {
                "id": "UID:2001",
                "name": "winscp_user",
                "type": "user"
            }
        },
        {
            "accessrights": [
                "dir_gen_read"
            ],
            "accesstype": "allow",
            "inherit_flags": [],
            "op": null,
            "trustee": {
                "id": "UID:3758",
                "name": null,
                "type": null
            }
        }
...
Hey folks, any news on that bug?
@Bonifucksy, sorry for a much delayed response. This is due to an issue with the platform REST API. We are in discussion with the platform team; however, at this point in time there is no ETA for the fix.
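A check for both symptoms reported in this thread, as an added example that is not part of the thread or of the module's code: it builds a per-zone UID-to-name map from `isi auth users view` output and compares it with the trustee names in the module's `namespace_acl`. The sample data is constructed from the values posted above; `parse_users`, `audit_acl`, the status labels and the assumption that the zone name is the suffix of the `Provider` field belong to this example.

```python
import re

# Constructed sample: `isi auth users view` records cut down to the fields used here.
USERS_VIEW = """\
Name: user_auto_uid
Provider: lsa-local-provider:zoneinsidezone
UID: 2001
Name: Isilon Users
----------------
Name: winscp_user
Provider: lsa-local-provider:System
UID: 2001
----------------
Name: user3k2
Provider: lsa-local-provider:zoneinsidezone
UID: 3758
"""
# Trustees as the module reported them for uid_test_folder (other ACE keys omitted).
MODULE_ACL = [
    {"trustee": {"id": "UID:2001", "name": "winscp_user", "type": "user"}},
    {"trustee": {"id": "UID:3758", "name": None, "type": None}},
]

def parse_users(text):
    """Return {zone: {uid: name}}; the zone is assumed to be the Provider suffix."""
    zones = {}
    for record in re.split(r"^-{4,}\s*$", text, flags=re.M):
        fields = {}
        for line in record.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # first occurrence wins: "Name" repeats under Primary Group
                fields.setdefault(key.strip(), value.strip())
        if {"Name", "Provider", "UID"} <= fields.keys():
            zone = fields["Provider"].rsplit(":", 1)[-1]
            zones.setdefault(zone, {})[int(fields["UID"])] = fields["Name"]
    return zones

def audit_acl(acl, zones, zone):
    """Return (uid, reported, expected, status) for UID trustees named wrongly."""
    findings, local = [], zones.get(zone, {})
    for ace in acl:
        kind, _, raw = ace["trustee"]["id"].partition(":")
        reported = ace["trustee"]["name"]
        if kind != "UID" or (reported and reported == local.get(int(raw))):
            continue  # groups and SIDs are out of scope; matching names are fine
        uid = int(raw)
        others = [z for z, m in zones.items() if z != zone and m.get(uid) == reported]
        status = "unresolved" if not reported else "other-zone" if others else "mismatch"
        findings.append((uid, reported, local.get(uid), status))
    return findings
```

Until the REST API resolves trustees per access zone, treat the `id` field as authoritative in ACL audits and resolve names against the zone's own provider.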
Describe the bug
When you have local users in the System zone with the same UID as users in the custom zone, and you add the custom zone's users to ACL permissions on a directory in the custom zone, then get this directory's details with the FS module, the FS module returns System zone usernames.
To Reproduce
Steps to reproduce the behavior:
DBISILONSIMULATOR-1# ls -led /ifs/testzone/zoneinsidezone/zoneinsidezoneinsidezone/sharelvl3
drwxrw---- + 2 root wheel 0 Sep 22 12:00 /ifs/testzone/zoneinsidezone/zoneinsidezoneinsidezone/sharelvl3
OWNER: user:root
GROUP: group:wheel
0: user:anotheruser3 allow dir_gen_write,std_delete
1: user:Guest allow dir_gen_read,dir_gen_write,std_delete
2: user:lvl3user allow dir_gen_write,std_delete
3: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
4: group:wheel allow std_read_dac,std_synchronize,dir_read_attr
ok: [DBISILONSIMULATOR] => {
    "add_quota": "",
    "changed": false,
    "create_filesystem": "",
    "delete_filesystem": "",
    "delete_quota": "",
    "filesystem_details": {
        "attrs": [
            ...
        "namespace_acl": {
            "acl": [
                {
                    "accessrights": [
                        "dir_gen_write",
                        "std_delete"
                    ],
                    "accesstype": "allow",
                    "inherit_flags": [],
                    "op": null,
                    "trustee": {
                        "id": "UID:2001",
                        "name": "winscp_user",
                        "type": "user"
                    }
                },
                {
                    "accessrights": [
                        "dir_gen_read",
                        "dir_gen_write",
                        "std_delete"
                    ],
                    "accesstype": "allow",
                    "inherit_flags": [],
                    "op": null,
                    "trustee": {
                        "id": "UID:1501",
                        "name": "Guest",
                        "type": "user"
                    }
                },
                {
                    "accessrights": [
                        "dir_gen_write",
                        "std_delete"
                    ],
                    "accesstype": "allow",
                    "inherit_flags": [],
                    "op": null,
                    "trustee": {
                        "id": "UID:2000",
                        "name": "ansible_user",
                        "type": "user"
                    }
                },
                {
                    "accessrights": [
                        "dir_gen_read",
                        "dir_gen_write",
                        "dir_gen_execute",
                        "std_write_dac",
                        "delete_child"
                    ],
                    "accesstype": "allow",
                    "inherit_flags": [],
                    "op": null,
                    "trustee": {
                        "id": "UID:0",
                        "name": "root",
                        "type": "user"
                    }
                },
                {
                    "accessrights": [
                        "std_read_dac",
                        "std_synchronize",
                        "dir_read_attr"
                    ],
                    "accesstype": "allow",
                    "inherit_flags": [],
                    "op": null,
                    "trustee": {
                        "id": "GID:0",
                        "name": "wheel",
                        "type": "group"
                    }
                }
            ],