Next fun topic for today: our security folks want to change all the
/sbin/nologin and related shells to /dev/null. Augeas seems the perfect
tool for this, but I'm having a devil of a time getting close to something
that'll work:
augeas { 'fix-bad-passwd-shells':
context => "/files/etc/passwd",
changes => "set */shell[.='/sbin/nologin'] /dev/null",
onlyif => "match */shell[.='/sbin/nologin'] size > 0",
}
I really wanted my onlyif to look more like:
onlyif => "match */shell includes nologin"
to catch other variations (like /usr/sbin/nologin), but that didn't work at
all. Is there a way to make that work?
And this match works in augtool and when I run puppet, but the "set"
doesn't. It just doesn't do anything. I think I'm close -- any augeas
experts care to show me the error of my ways? This really feels like black
magic.
Bret
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ca56fd84-1395-49e7-a547-efbbaf47dae4%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
