From 711bae18151f8f090d63c0e4d3d2521d68ce8f51 Mon Sep 17 00:00:00 2001
From: Erik Tate <erik.tate@goteleport.com>
Date: Thu, 29 Aug 2024 12:28:54 -0400
Subject: [PATCH] returns trace.BadParameter error when adding group with
 invalid name

---
 lib/srv/usermgmt.go         |  4 +++-
 lib/utils/host/hostusers.go | 16 +++++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/lib/srv/usermgmt.go b/lib/srv/usermgmt.go
index 924ea368de0f..a64f8b54e8f2 100644
--- a/lib/srv/usermgmt.go
+++ b/lib/srv/usermgmt.go
@@ -451,11 +451,13 @@ func (u *HostUserManagement) createGroupIfNotExist(group string) error {
 	if err != nil && !isUnknownGroupError(err, group) {
 		return trace.Wrap(err)
 	}
+
 	err = u.backend.CreateGroup(group, "")
 	if trace.IsAlreadyExists(err) {
 		return nil
 	}
-	return trace.Wrap(err)
+
+	return trace.Wrap(err, "%q", group)
 }
 
 // isUnknownGroupError returns whether the error from LookupGroup is an unknown group error.
diff --git a/lib/utils/host/hostusers.go b/lib/utils/host/hostusers.go
index 92b2bd15e90b..2685841990ad 100644
--- a/lib/utils/host/hostusers.go
+++ b/lib/utils/host/hostusers.go
@@ -32,6 +32,7 @@ import (
 
 // man GROUPADD(8), exit codes section
 const GroupExistExit = 9
+const GroupInvalidArg = 3
 
 // man USERADD(8), exit codes section
 const UserExistExit = 9
@@ -53,10 +54,19 @@ func GroupAdd(groupname string, gid string) (exitCode int, err error) {
 	cmd := exec.Command(groupaddBin, args...)
 	output, err := cmd.CombinedOutput()
 	log.Debugf("%s output: %s", cmd.Path, string(output))
-	if cmd.ProcessState.ExitCode() == GroupExistExit {
-		return cmd.ProcessState.ExitCode(), trace.AlreadyExists("group already exists")
+
+	switch code := cmd.ProcessState.ExitCode(); code {
+	case GroupExistExit:
+		return code, trace.AlreadyExists("group already exists")
+	case GroupInvalidArg:
+		errMsg := "bad parameter"
+		if strings.Contains(string(output), "not a valid group name") {
+			errMsg = "invalid group name"
+		}
+		return code, trace.BadParameter(errMsg)
+	default:
+		return code, trace.Wrap(err)
 	}
-	return cmd.ProcessState.ExitCode(), trace.Wrap(err)
 }
 
 // UserAdd creates a user on a host using `useradd`