Cfengine Help: Re: Loop through file in cfengine3?

Wed, 28 Jul 2010 07:20:42 -0700 

Forum: Cfengine Help
Subject: Re: Loop through file in cfengine3?
Author: ryan.c.ander...@gmail.com
Link to topic: https://cfengine.com/forum/read.php?3,16856,17801#msg-17801

I have found a solution that lets me update the contents of the shadow file for 
any number of users I like by reading a shadow-formatted file, and updating the 
corresponding fields in the actual /etc/shadow file. Here's the code:

# Update passwords in /etc/shadow. For this to work, a shadow-formatted
# file for servers and workstations must exist on the cfengine master server
# in $(masterfiles)/passwords as
# shadow_servers and shadow_workstations.
#
# This file is copied locally to /var/cfengine/local/cfshadow, then
# it is read into an array and /etc/shadow is updated accordingly.


bundle agent passwords {
files:

        # Copy in a shadow-formatted file with local users
        # you want to update here
        servers::
        "/var/cfengine/local/cfshadow"
                perms => system("0440","root","root"),
                copy_from => mycopy("${g.masterfiles}/passwords/shadow_server", 
"${g.phost}");

        !servers::
        "/var/cfengine/local/cfshadow"
                perms => system("0440","root","root"),
                copy_from => 
mycopy("${g.masterfiles}/passwords/shadow_workstation", "${g.phost}");

        # Edit the shadow file!
        any::
        "/etc/shadow"
                comment => "Updating passwords in /etc/shadow",
                edit_line => set_shadow;

}



bundle edit_line set_shadow {

vars:
        # This slurps our source file into an array
        "myshadow" int => readstringarray("myshadow_array",
                        "/var/cfengine/local/cfshadow",
                        "#[^\n]*",":",200,10000);

        "shadow_users" slist => getindices("myshadow_array");


field_edits:

        # We can selectively edit by hard-coding, like this
        #"root:.*"
        #       edit_field => col(":","2","$(myshadow_array[1])","set");

        # This promises that any user in the array (field 0) will make the
        # source shadow entry, from field 1 in in the array, match to field
        # 2 in /etc/shadow
        "$(myshadow_array[$(shadow_users)][0]):.*"
                edit_field => 
col(":","2","$(myshadow_array[$(shadow_users)][1])","set");

}

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine

Reply via email to