Forum: Cfengine Help
Subject: Re: 3.0.2 too old?
Author: regan99
Link to topic: https://cfengine.com/forum/read.php?3,20392,21218#msg-21218
I guess I spoke too soon. I thought I understood and correctly implemented
this, but now I notice that it does everything except for updating the password
field in /etc/shadow (using the solution posted by zzamboni above). If I run
the following test, just to modify the password field for a single user, it
works exactly as expected:
body common control
{
bundlesequence => { "test" };
inputs => { "/usr/local/share/doc/cfengine/inputs/cfengine_stdlib.cf" };
}
bundle agent test
{
files:
"/etc/shadow"
comment => "Set the root password...",
edit_line => set_user_field("rob",2,"$1$GLeUVHA8$rL7VMZ4Qb.vVLLJdqeJx6.");
}
I can see that it matched a line in /etc/shadow, and changed field 2:
community> *****************************************************************
community> BUNDLE test
community> *****************************************************************
community>
community>
community> + Private classes augmented:
community>
community> - Private classes diminished:
community>
community>
community>
community> =========================================================
community> files in bundle test (1)
community> =========================================================
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: /etc/shadow
community>
community> Comment: Set the password...
community> .........................................................
community>
community> -> Using literal pathtype for /etc/shadow
community> -> Handling file existence constraints on /etc/shadow
community> -> Handling file edits in edit_line bundle set_user_field
community>
community> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
community> BUNDLE set_user_field(
{'rob','2','$1$GLeUVHA8$rL7VMZ4Qb.vVLLJdqeJx6.'} )
community> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
community>
community> Initiate variable convergence...
community> ? Augment scope set_user_field with user (s)
community> ? Augment scope set_user_field with field (s)
community> ? Augment scope set_user_field with val (s)
community> ?? Private class context
community>
community>
community> = = = = = = = = = = = = = = = = = = = = = = = = = = = =
community> field_edits in bundle set_user_field
community> = = = = = = = = = = = = = = = = = = = = = = = = = = = =
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: rob:.*
community>
community> Comment: Edit a user attribute in the password file
community> .........................................................
community>
community> - Matched line (rob:!!:15051:0:99999:7:::)
community> -> Stopped at field 2
community> -> Setting field sub-value $1$GLeUVHA8$rL7VMZ4Qb.vVLLJdqeJx6. in
/etc/shadow
community> -> Edited field inside file object /etc/shadow
However, when I execute the bundle that adds the user, the user adding portion
behaves as expected, but the promise made by "/etc/shadow" has "-> This promise
has already been verified" below it, no match is found in the shadow file, and
the password is not updated. I think I'm a little confused about how these
bundles are being executed. Any idesas as to why I'm not able to get the
password updated?
-Rob
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
