From 41a4b25e3fe64dbb9a26b1ea4179650a9d0a8833 Mon Sep 17 00:00:00 2001
From: Erik Tate <erik.tate@goteleport.com>
Date: Thu, 29 Aug 2024 12:28:54 -0400
Subject: [PATCH] returns trace.BadParameter error when adding group with
 invalid name

---
 lib/srv/usermgmt.go         |  8 +++++++-
 lib/utils/host/hostusers.go | 10 ++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/lib/srv/usermgmt.go b/lib/srv/usermgmt.go
index 924ea368de0fc..dca650ff9e6c1 100644
--- a/lib/srv/usermgmt.go
+++ b/lib/srv/usermgmt.go
@@ -451,11 +451,17 @@ func (u *HostUserManagement) createGroupIfNotExist(group string) error {
 	if err != nil && !isUnknownGroupError(err, group) {
 		return trace.Wrap(err)
 	}
+
 	err = u.backend.CreateGroup(group, "")
 	if trace.IsAlreadyExists(err) {
 		return nil
 	}
-	return trace.Wrap(err)
+
+	if err != nil {
+		return trace.Errorf("while creating group %q %w", group, err)
+	}
+
+	return nil
 }
 
 // isUnknownGroupError returns whether the error from LookupGroup is an unknown group error.
diff --git a/lib/utils/host/hostusers.go b/lib/utils/host/hostusers.go
index 92b2bd15e90b9..e3d1d13397674 100644
--- a/lib/utils/host/hostusers.go
+++ b/lib/utils/host/hostusers.go
@@ -32,6 +32,7 @@ import (
 
 // man GROUPADD(8), exit codes section
 const GroupExistExit = 9
+const GroupInvalidArg = 3
 
 // man USERADD(8), exit codes section
 const UserExistExit = 9
@@ -56,6 +57,15 @@ func GroupAdd(groupname string, gid string) (exitCode int, err error) {
 	if cmd.ProcessState.ExitCode() == GroupExistExit {
 		return cmd.ProcessState.ExitCode(), trace.AlreadyExists("group already exists")
 	}
+
+	if cmd.ProcessState.ExitCode() == GroupInvalidArg {
+		errMsg := "bad parameter"
+		if strings.Contains(string(output), "not a valid group name") {
+			errMsg = "invalid group name"
+		}
+		return cmd.ProcessState.ExitCode(), trace.BadParameter(errMsg)
+	}
+
 	return cmd.ProcessState.ExitCode(), trace.Wrap(err)
 }