Re: [Puppet Users] Augeas type to edit/append to /etc/pam.d/sshd

Mon, 04 Oct 2010 09:26:24 -0700 

On Oct 4, 2010, at 9:00 AM, luke.bigum wrote:

> Hi all,
> 
> I'm trying to do something that should be pretty simple but can't
> figure it out.
> 
> I want to append a line to /etc/pam.d/sshd if a line with a certain
> module doesn't exist.
> 
> What I would like to work is this:
> 
>  augeas { sshd_pam_mkhomedir:
>    context => "/files/etc/pam.d/sshd",
>    changes => [
>      "set *[module = 'pam_mkhomedir.so']/type session",
>      "set *[module = 'pam_mkhomedir.so']/control required",
>      "set *[module = 'pam_mkhomedir.so']/module pam_mkhomedir.so",
>      "set *[module = 'pam_mkhomedir.so']/argument[1] umask=0022",
>    ],
> }
> 
> That "*[module = foo]" fails to match and create a new line, even in
> augtool. This doesn't work either:
> 
> augtool> set /files/etc/pam.d/sshd/*[last()+1]/type session
> Failed
> 
> Nor can I get an insert to work, as to do that I'd need to know the
> number of entries that already exist in the file in order to create
> the next one.
> 
> If no one's already got a solution to this I'll have to ask on augeas-
> devel.
> 
> Thanks,
> 
> -Luke

For people trying to help, here's an example:

augtool> ls /files/etc/pam.d/sshd/
#comment[1] = PAM configuration for the Secure Shell service
#comment[2] = Read environment variables from /etc/environment and
#comment[3] = /etc/security/pam_env.conf.
1/ = (none)
#comment[4] = In Debian 4.0 (etch), locale-related environment variables were 
moved to
#comment[5] = /etc/default/locale, so read that as well.
2/ = (none)
#comment[6] = Standard Un*x authentication.
include[1] = common-auth
#comment[7] = Disallow non-root logins when /etc/nologin exists.
3/ = (none)

augtool> ls /files/etc/pam.d/sshd/3
type = session
control = required
module = pam_limits.so

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to