[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Solaris /etc/shadow editing problems with cfengine 2.1.11

From: David E. Nelson
Subject: Re: Solaris /etc/shadow editing problems with cfengine 2.1.11
Date: Thu, 2 Dec 2004 12:59:04 -0600 (CST)

Hi Anne,

I just tried your snippet below (cut-n-pasted) in our config using 2.1.11 on a sun4u, solaris 9 system and it worked fine - I didn't, however, use 'sun4u' but used a hostname so that it'd only affect one host.

Have you looked at debug (-d1) output?


On Thu, 2 Dec 2004, Anne Cross wrote:

We're running CFengine across our mixed Solaris 8 and 9 environment and
have been doing so with great success for some time now.  Since I just
got our patch distribution scripts working, and we were several versions
behind on CFengine versions, I started upgrading servers to cfengine

I didn't notice any issues until we built a new solaris 9 server from
scratch, put the new cfengine on it, and it failed to get any of the
crypted passwords for our default accounts.  It got the entries in
/etc/password just fine, but not the entries for /etc/shadow.  We
control those entries like this.

     { /etc/passwd

       SetLine "patch:x:100:1:Patch:/home/patch:/bin/sh"
       AppendIfNoLineMatching "^patch:x:100:.*"


     { /etc/shadow

       SetLine "patch:NP:::::::"
       AppendIfNoLineMatching "^patch:.*"


This works fine through version 2.1.10.

When I take everything out of the config file, and make it so that the
only directives that editfiles: contains are edits to /etc/shadow, it
works in 2.1.11 also.  But only then.

When I run cfagent 2.1.11 in verbose mode against the full config, the
program seems to skip over the /etc/shadow directives in silently, not
even indicating that they're there.  It will edit any other file fine.

Is this a bug or a new feature that I missed somewhere in the

        -- Anne

Anne Cross
Systems Administrator, Tufts University
"They just tend to lunge at whatever looks interesting to them, write
whatever they please, and let the chips fall where they may. So we
may seem not merely arrogant, but completely unhinged." -- Neal Stephenson

Help-cfengine mailing list

~~ ** ~~  If you didn't learn anything when you broke it the 1st ~~ ** ~~
                        time, then break it again.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]