deric / puppet-accounts

Simple hierarchical management of Linux user accounts, groups and SSH keys
https://forge.puppetlabs.com/deric/accounts
Apache License 2.0

Solaris support #67

Open deric opened 7 years ago

deric commented 7 years ago

Support group management on Solaris, which doesn't have gpasswd.

redno2 commented 7 years ago

Thanks for opening this enhancement! Just a question: why don't you use usermod directly instead of gpasswd? usermod is on every Linux/Unix system, and you can manage the groups of users with it. On Solaris I need to modify gpasswd.rb (I'm not a Ruby expert...) to use it like this:

I'll change the Ruby code; I need to call all groups for a specific user.

deric commented 7 years ago

Good question. If I recall correctly, the original motivation was to replace the group management functionality, which isn't really working in Puppet. I found an alternative implementation of group management and from that I started verifying if something like that would actually work. I ended up using gpasswd and it seems to be working. There was no reason to replace it.

Anyway, we have an API and the underlying implementation could be changed, or it might use different commands for each platform. Puppet's implementation also doesn't support all features on Solaris. The hardest part is testing and making sure that a small change won't break existing installations.

Solaris uses a different kernel than other Linux distributions, thus we can't use automated Docker tests. Probably using VirtualBox will be necessary.

deric commented 7 years ago

@redno2 I've refactored the group provider to work with usermod. The effort is currently tracked in the 1.6 branch.

The problematic part is ensuring explicit members of a given group. This is nice:

usermod -G bob,other,postgres,X foo

but the management currently works in an inverse way: for a given group, e.g. postgres, set all members. I don't know how to do that with usermod without generating too many unnecessary changes.
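The per-group to per-user inversion described in the comment above, as an added example that is not part of the thread or of puppet-accounts: it reads current supplementary memberships in the `/etc/group` format and emits a `usermod -G` call only for users whose membership in the managed group actually changes. The helper names and the sample data are hypothetical; primary-group membership (the gid in `/etc/passwd`) is assumed to be handled elsewhere.

```ruby
# Constructed sample in /etc/group format: name:passwd:gid:member,member
GROUP_FILE = <<~EOS
  postgres:x:113:bob,mallory
  backup:x:34:bob
  docker:x:998:alice,mallory
  staff:x:50:
EOS

# Invert the group file into user => [supplementary groups].
def supplementary_groups(group_file)
  memberships = {}
  group_file.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    name, _passwd, _gid, members = line.split(':', 4)
    members.to_s.split(',').each { |user| (memberships[user] ||= []) << name }
  end
  memberships
end

# Hypothetical helper: argv arrays that make `group` contain exactly `desired`.
# Users whose membership is already correct are not touched at all.
def usermod_plan(group_file, group, desired)
  memberships = supplementary_groups(group_file)
  current = memberships.select { |_user, groups| groups.include?(group) }.keys
  changed = (desired - current) + (current - desired)
  changed.sort.map do |user|
    existing = memberships.fetch(user, [])
    # usermod -G replaces the whole list, so the user's other groups
    # must be passed along or they would be dropped.
    groups = desired.include?(user) ? (existing | [group]) : (existing - [group])
    # Argv array (no shell string), so names are never shell-interpreted.
    ['usermod', '-G', groups.sort.join(','), user]
  end
end

if __FILE__ == $PROGRAM_NAME
  usermod_plan(GROUP_FILE, 'postgres', %w[alice bob]).each { |argv| puts argv.join(' ') }
end
```

Because only added or removed users appear in the plan, a stale member such as `mallory` is removed from `postgres` while keeping `docker`, and `bob` generates no change.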

deric commented 7 years ago

Btw., according to the Puppet docs, on Solaris the user_role_add provider is used. The best solution would be not to override the provider and just use the provider shipped with Puppet.