[Puppet Users] Re: removing "minimum_uid=1000" value from all my pam config files

Fri, 31 Mar 2017 07:56:47 -0700 

On Thursday, March 30, 2017 at 1:58:46 PM UTC-4, Peter K wrote:
>
> I'm trying to remove a specific configuration value, "minimum_uid=1000", 
> from multiple lines in several files (currently 5 files) in /etc/pam.d/.
> A typical line looks like this:
> auth     [success=1 default=ignore]      pam_ldap.so use_first_pass 
> minimum_uid=1000
>
> I've tried exec and sed, but I couldn't figure out the necessary escaping 
> to get the filename variable to parse (here I test with 'abc'):
> define removeMinimumUID(){
>     exec { '${filename}':
>       command => "/usr/bin/sed -i \'s|abc|cab|g\' ${filename}",
>       onlyif => '/usr/bin/test -e ${filename}',
>       refresh => '/usr/bin/true',
>       provider => 'posix',
>       logoutput => on_failure,
>     }
> }
>
> RemoveMinimumUID { "/mnt/NY_Interactive/dev/peter/puppet/abc.txt": }
>
> Error:
> Executing: '/usr/bin/sed -i 's|abc|cab|g' '^[[0m
> ^[[mNotice: 
> /Stage[main]/Main/Removeminimumuid[/mnt/NY_Interactive/dev/peter/puppet/abc.txt]/Exec[${filename}]/returns:
>  
> /usr/bin/sed: no input files^[[0m
>
> If I substitute the fully qualified filename with the filename variable on 
> the 'commmand' parameter line, the script runs fine.
>
>
>
> Then I tried stdlibs' file_line but I couldn't figure out how to replace a 
> substring without identifying the entire replacement string:
>
>
> file { '/home/peter/dev/puppet/abc.txt':
>   ensure => present,
> }->
> file_line { 'Append a line to /home/peter/dev/puppet/abc.txt':
>   path => '/home/peter/dev/puppet/abc.txt',
>   line => 'cab',
>   multiple => true,
>   match   => "abc$",
> }
>
>
Check your quotes-- you can't interpolate a variable within single quotes. 

Personally, I went a bit more brute-force:

exec { '/usr/bin/sed -i -e s/uid=1000/uid=900/ *': 
    cwd         => '/etc/pam.d', 
    subscribe   => File['/etc/krb5.conf'], 
    refreshonly => true 
}

But getting rid of minimum UID completely might have unexpected behavior-- 
do you really want to manage your root password via PAM_LDAP?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/496c4fc3-2fe6-4db9-ad57-dc09174de488%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to