On Tuesday, December 16, 2014 4:54:19 AM UTC-6, Brian Keating wrote:
>
> Hi,
> Our security policy states we lock *nix accounts that have no passwords.
> I wrote a bash script that does the job but my onlyif statement isn't
> working. I want it to check and only trigger when true - not every time.
> I'm new to puppet trying to learn how to write 'onlyif' statements - can
> someone point me in the right direction?
>
> Here is the manifest - the onlyif statement and the bash
> lock-out-no-password-account.sh script are working in isolation. Augeas
> would be ideal to handle this kind of task but I have yet to find one to
> suit. Help & guidance is appreciated.
>
> exec { 'lock-accout-no-pass' :
>   command => "/admin/scripts/lock-out-no-password-account.sh",
>   onlyif  => "/bin/cat /etc/shadow | /bin/awk -F : '{ print $2 }' | /bin/grep ^$ | tail -1 | /bin/grep -c ^$"
> }
>
>
Probably the $2 is being interpolated as an (undefined) Puppet variable, so
that you are running a different command than you suppose. I would in any
case suggest reducing the number of moving parts with a command more like
this:
    /bin/grep -q '^[^:]\+::' /etc/shadow
That has the additional advantage of sidestepping the interpolation issue
altogether.
John
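
The check suggested in the reply, run against a constructed shadow-format file, as an added example that is not part of the original thread. The function names and sample entries are hypothetical, and `interpolated_pipeline` assumes, as the reply guesses, that Puppet replaces `$2` with an empty string before the shell sees the command.

```shell
#!/bin/sh
# Added example: exercises the onlyif check on a constructed file, never on /etc/shadow.

# Write a constructed sample in /etc/shadow format (no real accounts or hashes).
make_sample_shadow() {
    cat > "$1" <<'EOF'
root:$6$constructedsalt$constructedhash:16420:0:99999:7:::
daemon:*:16420:0:99999:7:::
svc_locked:!:16420:0:99999:7:::
alice::16420:0:99999:7:::
bob:!!:16420:0:99999:7:::
carol::16420:0:99999:7:::
EOF
}

# The check from the reply: exit 0 only if some entry has a non-empty
# account name followed by an empty password field. Locked entries
# ("!", "!!", "*") do not match, so the exec would not fire for them again.
has_empty_password() {
    grep -q '^[^:]\+::' "$1"
}

# Names of the accounts that make the check succeed, for audit output.
list_empty_password() {
    awk -F: '$1 != "" && $2 == "" { print $1 }' "$1"
}

# The original pipeline as the shell would receive it if $2 were interpolated
# to an empty string (assumption): awk prints whole lines, so no empty line
# ever reaches grep and the final count is 0 with a non-zero exit status.
interpolated_pipeline() {
    cat "$1" | awk -F : '{ print  }' | grep '^$' | tail -1 | grep -c '^$'
}

# Demonstration on the constructed sample.
tmp=$(mktemp)
make_sample_shadow "$tmp"
if has_empty_password "$tmp"; then
    echo "onlyif check passes; accounts with an empty password field:"
    list_empty_password "$tmp"
fi
echo "count from the interpolated pipeline: $(interpolated_pipeline "$tmp")"
rm -f "$tmp"
```
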