[Puppet Users] Re: removing "minimum_uid=1000" value from all my pam config files

Fri, 31 Mar 2017 07:56:47 -0700 

On Thursday, March 30, 2017 at 1:58:46 PM UTC-4, Peter K wrote:
>
> I'm trying to remove a specific configuration value, "minimum_uid=1000", 
> from multiple lines in several files (currently 5 files) in /etc/pam.d/.
> A typical line looks like this:
> auth     [success=1 default=ignore]      pam_ldap.so use_first_pass 
> minimum_uid=1000
>
> I've tried exec and sed, but I couldn't figure out the necessary escaping 
> to get the filename variable to parse (here I test with 'abc'):
> define removeMinimumUID(){
>     exec { '${filename}':
>       command => "/usr/bin/sed -i \'s|abc|cab|g\' ${filename}",
>       onlyif => '/usr/bin/test -e ${filename}',
>       refresh => '/usr/bin/true',
>       provider => 'posix',
>       logoutput => on_failure,
>     }
> }
>
> RemoveMinimumUID { "/mnt/NY_Interactive/dev/peter/puppet/abc.txt": }
>
> Error:
> Executing: '/usr/bin/sed -i 's|abc|cab|g' '^[[0m
> ^[[mNotice: 
> /Stage[main]/Main/Removeminimumuid[/mnt/NY_Interactive/dev/peter/puppet/abc.txt]/Exec[${filename}]/returns:
>  
> /usr/bin/sed: no input files^[[0m
>
> If I substitute the fully qualified filename with the filename variable on 
> the 'commmand' parameter line, the script runs fine.
>
>
>
> Then I tried stdlibs' file_line but I couldn't figure out how to replace a 
> substring without identifying the entire replacement string:
>
>
> file { '/home/peter/dev/puppet/abc.txt':
>   ensure => present,
> }->
> file_line { 'Append a line to /home/peter/dev/puppet/abc.txt':
>   path => '/home/peter/dev/puppet/abc.txt',
>   line => 'cab',
>   multiple => true,
>   match   => "abc$",
> }
>
>
Check your quotes-- you can't interpolate a variable within single quotes. 

Personally, I went a bit more brute-force:

exec { '/usr/bin/sed -i -e s/uid=1000/uid=900/ *': 
    cwd         => '/etc/pam.d', 
    subscribe   => File['/etc/krb5.conf'], 
    refreshonly => true 
}

But getting rid of minimum UID completely might have unexpected behavior-- 
do you really want to manage your root password via PAM_LDAP?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/496c4fc3-2fe6-4db9-ad57-dc09174de488%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to