[augeas-devel] [Augeas] #300: Pam lens won't allow an argument to be set if there's a comment

Augeas trac at fedorahosted.org
Fri Sep 7 14:13:21 UTC 2012 

#300: Pam lens won't allow an argument to be set if there's a comment
----------------------+--------------------
  Reporter:  tdb      |      Owner:  lutter
      Type:  defect   |     Status:  closed
  Priority:  major    |  Milestone:  next
 Component:  Augeas   |    Version:  0.8.0
Resolution:  invalid  |   Keywords:
Blocked By:           |   Blocking:
----------------------+--------------------
Changes (by domcleal):

 * status:  new => closed
 * resolution:   => invalid


Comment:

 It's an issue with the set command you're using, which creates a tree that
 can't be transformed back into the original file.

 If you looked in augtool at the PAM config with the "print" command, you'd
 see something like:

 {{{
 /files/etc/pam.d/sshd/1
 /files/etc/pam.d/sshd/1/type = "session"
 /files/etc/pam.d/sshd/1/control = "optional"
 /files/etc/pam.d/sshd/1/module = "pam_motd.so"
 /files/etc/pam.d/sshd/1/#comment = "[1]"
 }}}

 If you were to edit the file manually to add "noupdate" and print it in
 augtool you'd see this:

 {{{
 /files/etc/pam.d/sshd/1
 /files/etc/pam.d/sshd/1/type = "session"
 /files/etc/pam.d/sshd/1/control = "optional"
 /files/etc/pam.d/sshd/1/module = "pam_motd.so"
 /files/etc/pam.d/sshd/1/argument = "noupdate"
 /files/etc/pam.d/sshd/1/#comment = "[1]"
 }}}

 So what's happening when you call the set command is that the argument is
 being created ''after'' #comment in the tree because it's a new entry.
 When Augeas comes to write the file back, the nodes are in the wrong
 order, as they should follow the order that you read/write the file.  The
 ins/insert command can add a node in a specific position in the tree.

 It's trickier to use in the Puppet/Augeas mini-DSL as if you used the
 Augeas API directly you'd use conditionals etc in your programming
 language to insert a new entries when needed.  I'd suggest this:

 {{{
 augeas { "disableupdates":
   context => "/files/etc/pam.d/sshd",
   changes => [
     "ins argument after *[module = 'pam_motd.so']/module",
     "set *[module = 'pam_motd.so']/argument 'noupdate'",
   ],
   onlyif  => "match *[module = 'pam_motd.so' and argument='noupdate'] size
 == 0",
 }
 }}}

-- 
Ticket URL: <https://fedorahosted.org/augeas/ticket/300#comment:1>
Augeas <http://augeas.net/>
a configuration API

More information about the augeas-devel mailing list