help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Solaris /etc/shadow editing problems with cfengine 2.1.11


From: Iain Morgan
Subject: Re: Solaris /etc/shadow editing problems with cfengine 2.1.11
Date: Thu, 2 Dec 2004 11:07:32 -0800 (PST)

Since you discovered this issue during a new build, does the problem only
manifest during JumpStart? If so, you might want to confirm that the shadow
file exists when cfengine is running.

I vaguely recall a situation during OS installation (I think it was with
Solaris) where I had to run pwconv to create the shadow file.

On Thu Dec  2 10:23:26 2004, Anne Cross wrote:
> 
> We're running CFengine across our mixed Solaris 8 and 9 environment and 
> have been doing so with great success for some time now.  Since I just 
> got our patch distribution scripts working, and we were several versions 
> behind on CFengine versions, I started upgrading servers to cfengine 
> 2.1.11.
> 
> I didn't notice any issues until we built a new solaris 9 server from
> scratch, put the new cfengine on it, and it failed to get any of the 
> crypted passwords for our default accounts.  It got the entries in 
> /etc/password just fine, but not the entries for /etc/shadow.  We 
> control those entries like this.
> 
> editfiles:
>    sun4u::
>       { /etc/passwd
>                                                                               
>   
>         SetLine "patch:x:100:1:Patch:/home/patch:/bin/sh"
>         AppendIfNoLineMatching "^patch:x:100:.*"
> 
>       }
> 
>       { /etc/shadow
>  
>         SetLine "patch:NP:::::::"
>         AppendIfNoLineMatching "^patch:.*"
> 
>       }
> 
> This works fine through version 2.1.10.
> 
> When I take everything out of the config file, and make it so that the
> only directives that editfiles: contains are edits to /etc/shadow, it
> works in 2.1.11 also.  But only then.
> 
> When I run cfagent 2.1.11 in verbose mode against the full config, the
> program seems to skip over the /etc/shadow directives in silently, not
> even indicating that they're there.  It will edit any other file fine.
> 
> Is this a bug or a new feature that I missed somewhere in the 
> documentation?
> 
>       -- Anne
> 
> Anne Cross
> Systems Administrator, Tufts University
> "They just tend to lunge at whatever looks interesting to them, write 
>  whatever they please, and let the chips fall where they may. So we
>  may seem not merely arrogant, but completely unhinged." -- Neal Stephenson 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
> 


--
Iain Morgan




reply via email to

[Prev in Thread] Current Thread [Next in Thread]