[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Solaris /etc/shadow editing problems with cfengine 2.1.11
From: |
Anne Cross |
Subject: |
Solaris /etc/shadow editing problems with cfengine 2.1.11 |
Date: |
Thu, 2 Dec 2004 13:23:26 -0500 |
User-agent: |
Mutt/1.4.2.1i |
We're running CFengine across our mixed Solaris 8 and 9 environment and
have been doing so with great success for some time now. Since I just
got our patch distribution scripts working, and we were several versions
behind on CFengine versions, I started upgrading servers to cfengine
2.1.11.
I didn't notice any issues until we built a new solaris 9 server from
scratch, put the new cfengine on it, and it failed to get any of the
crypted passwords for our default accounts. It got the entries in
/etc/password just fine, but not the entries for /etc/shadow. We
control those entries like this.
editfiles:
sun4u::
{ /etc/passwd
SetLine "patch:x:100:1:Patch:/home/patch:/bin/sh"
AppendIfNoLineMatching "^patch:x:100:.*"
}
{ /etc/shadow
SetLine "patch:NP:::::::"
AppendIfNoLineMatching "^patch:.*"
}
This works fine through version 2.1.10.
When I take everything out of the config file, and make it so that the
only directives that editfiles: contains are edits to /etc/shadow, it
works in 2.1.11 also. But only then.
When I run cfagent 2.1.11 in verbose mode against the full config, the
program seems to skip over the /etc/shadow directives in silently, not
even indicating that they're there. It will edit any other file fine.
Is this a bug or a new feature that I missed somewhere in the
documentation?
-- Anne
Anne Cross
Systems Administrator, Tufts University
"They just tend to lunge at whatever looks interesting to them, write
whatever they please, and let the chips fall where they may. So we
may seem not merely arrogant, but completely unhinged." -- Neal Stephenson
- Solaris /etc/shadow editing problems with cfengine 2.1.11,
Anne Cross <=
Re: Solaris /etc/shadow editing problems with cfengine 2.1.11, Iain Morgan, 2004/12/02