Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

position parameter does not work #3

Open
mmarod opened this issue May 7, 2015 · 5 comments
Open

position parameter does not work #3

mmarod opened this issue May 7, 2015 · 5 comments
Labels
bug Something isn't working

Comments

@mmarod
Copy link
Contributor

mmarod commented May 7, 2015

I have tried using both XPath and default forms for declaring positions and neither seem to work. I also tried declaring the position param as 'after' on the second pam resource below but that also did not work.

Using Debian 7 / Puppet 3.7.3

    pam { "Set cracklib limits in common-password.":
      ensure    => present,
      service   => 'common-password',
      type      => 'password',
      control   => 'required',
      module    => 'pam_cracklib.so',
      arguments => [ 'retry=3', 'minlen=8', 'difok=3' ],
      position  => 'before module pam_unix.so'
    }

    pam { "Set unix options in common-password":
      ensure    => present,
      service   => 'common-password',
      type      => 'password',
      control   => 'required',
      module    => 'pam_unix.so',
      arguments => [ 'use_authtok', 'nullok', 'md5', 'remember=6' ],
    }

The output of this is...

password    required    pam_unix.so use_authtok nullok  md5 remember=6
password    required    pam_cracklib.so retry=3 minlen=8    difok=3
@raphink
Copy link
Member

raphink commented May 7, 2015

If the entry already exists, ensure => present will not relocate it, you
need ensure => positioned

On Thu, 7 May 2015 22:31 Michael Marod notifications@github.com wrote:

I have tried using both XPath and default forms for declaring positions
and neither seem to work. I also tried declaring the position param as
'after' on the second pam resource below but that also did not work.

Using Debian 7 / Puppet 3.7.3

pam { "Set cracklib limits in common-password.":
  ensure    => present,
  service   => 'common-password',
  type      => 'password',
  control   => 'required',
  module    => 'pam_cracklib.so',
  arguments => [ 'retry=3', 'minlen=8', 'difok=3' ],
  position  => 'before module pam_unix.so'
}

pam { "Set unix options in common-password":
  ensure    => present,
  service   => 'common-password',
  type      => 'password',
  control   => 'required',
  module    => 'pam_unix.so',
  arguments => [ 'use_authtok', 'nullok', 'md5', 'remember=6' ],
}

The output of this is...

password required pam_unix.so use_authtok nullok md5 remember=6
password required pam_cracklib.so retry=3 minlen=8 difok=3


Reply to this email directly or view it on GitHub
#3.

@mmarod
Copy link
Contributor Author

mmarod commented May 7, 2015

Ah ok -- Well I tried positioned and am getting this error...

# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for baseline....
Info: Applying configuration version '1431032288'
Error: undefined method `in_position?' for Pam[Set cracklib limits in common-password.](provider=augeas):Puppet::Type::Pam::ProviderAugeas
Error: /Stage[main]/Main/Pam[Set cracklib limits in common-password.]/ensure: change from present to positioned failed: undefined method `in_position?' for Pam[Set cracklib limits in common-password.](provider=augeas):Puppet::Type::Pam::ProviderAugeas
Error: undefined method `in_position?' for Pam[Set unix options in common-password.](provider=augeas):Puppet::Type::Pam::ProviderAugeas
Error: /Stage[main]/Main/Pam[Set unix options in common-password.]/ensure: change from present to positioned failed: undefined method `in_position?' for Pam[Set unix options in common-password.](provider=augeas):Puppet::Type::Pam::ProviderAugeas

I have version 2.1.1 of the augeasproviders_core module and 4.6.0 of puppetlabs/stdlib and pluginsync is enabled... Any idea which module has the in_position? function?

@raphink
Copy link
Member

raphink commented Sep 9, 2015

That is quite weird. in_position? is present in lib/puppet/provider/pam/augeas.rb though, so it should be picked up.

@raphink raphink added the bug Something isn't working label Sep 9, 2015
@necrolyte2
Copy link

I seem to have a similar issue trying to insert pam line at the end of account chain

With both cases below, the line was added to the end of the file instead of where I expected

Tried this:

    pam { "puppet_pam_auth":
        ensure      => positioned,
        service     => 'sshd',
        type        => 'account',
        control     => 'sufficient',
        module      => 'pam_pbssimpleauth.so',
        position    => 'before *[type="session"]'
    }

Then tried this with same result:

    pam { "puppet_pam_auth":
        ensure      => positioned,
        service     => 'sshd',
        type        => 'account',
        control     => 'sufficient',
        module      => 'pam_pbssimpleauth.so',
        position    => 'before module pam_selinux.so'
    }

Result from both:

#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth
account sufficient      pam_pbssimpleauth.so

@Heidistein
Copy link

Heidistein commented Aug 31, 2021

Sor, arriving on debian 11, puppet 7.10 seeing this issue. I like to tinker around with stuff, but this one I have no idea where to start. Lenses are a big voodoo for me.

Edit: Sorry, this was my own wrongdoing. I had a mix of old modules and camptocamp augeas, augeasproviders_core and a big mess. Apology.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants