Using Augeas to reconfigure PAM

February


Red Hat's Augeas is available in Debian from Lenny onwards and in Ubuntu at least from Intrepid. It offers a convenient way to convert human-readable UNIX configuration files to tree structures, search and edit those trees using an XPath-like syntax, and then save them back to their human-readable form. The docs on how to add nodes to the tree are in their Wiki.

# (ToDo/FixMe: move comments along with the lines they pertain to)
# -b keeps a .augsave backup of every file augtool modifies
cat <<EOF | augtool -b

# Remove the existing pam_group.so line from /etc/pam.d/login: it does not work
# when it sits after the pam_lwp inclusions
rm "/files/etc/pam.d/login/*[type = 'auth'][control = 'optional'][module = 'pam_group.so']"

# Insert the same line before the lwp-auth include, where it does work
ins 01 before "/files/etc/pam.d/login/include[. = 'lwp-auth']"
set /files/etc/pam.d/login/01/type auth
set /files/etc/pam.d/login/01/control optional
set /files/etc/pam.d/login/01/module pam_group.so

save

EOF

That script edited /etc/pam.d/login, which contained:

# Standard Un*x authentication.
@include lwp-auth

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth    optional        pam_group.so        

... and now contains:

# Standard Un*x authentication.
auth    optional        pam_group.so
@include lwp-auth

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
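Order in a PAM stack matters, which is the whole point of the edit above: the same pam_group.so rule only takes effect when it comes before the lwp-auth include. The following is an added example, not code from the original post and not part of Augeas: a small parser for pam.d syntax that performs the same edit the augtool script does (drop the `auth optional pam_group.so` rule that follows `@include lwp-auth` and reinsert it before the include) and also carries the comment block along with the rule, which the script's ToDo asks for. It doubles as an audit check (`rule_precedes_include`) that can be run against a file before deciding whether to touch it. The service, module and include names are the post's; the sample file content is constructed from the post's "before" listing.

```python
"""Re-order a pam.d rule relative to an @include, keeping its comments.

Added example, not from the original post and not part of Augeas. The
sample content below is constructed from the post's "before" listing of
/etc/pam.d/login.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the /etc/pam.d/login fragment the post shows before editing.
SAMPLE_BEFORE = """\
# Standard Un*x authentication.
@include lwp-auth

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth    optional        pam_group.so
"""


def fields(line: str) -> List[str]:
    """Split a pam.d line into tokens; a bracketed control such as
    '[success=1 default=ignore]' is kept as a single token."""
    toks = line.split()
    if len(toks) >= 2 and toks[1].startswith("[") and not toks[1].endswith("]"):
        j = 2
        while j < len(toks) and not toks[j].endswith("]"):
            j += 1
        toks = toks[:1] + [" ".join(toks[1:j + 1])] + toks[j + 1:]
    return toks


@dataclass
class Entry:
    """One directive (rule, @include or blank line) and the comment lines above it."""
    comments: List[str] = field(default_factory=list)
    line: Optional[str] = None  # None only for a comment block at end of file

    def is_include(self, name: str) -> bool:
        return self.line is not None and fields(self.line)[:2] == ["@include", name]

    def is_rule(self, type_: str, control: str, module: str) -> bool:
        f = fields(self.line) if self.line is not None else []
        return len(f) >= 3 and f[0] == type_ and f[1] == control and f[2] == module


def parse(text: str) -> List[Entry]:
    """Group each directive with the comments immediately above it."""
    entries: List[Entry] = []
    pending: List[str] = []
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            pending.append(raw.rstrip())
            continue
        # a rule, @include or blank line claims the comment run above it
        entries.append(Entry(pending, raw.rstrip()))
        pending = []
    if pending:
        entries.append(Entry(pending))
    return entries


def render(entries: List[Entry]) -> str:
    """Serialise entries back to pam.d text, comments first, directive second."""
    out: List[str] = []
    for e in entries:
        out.extend(e.comments)
        if e.line is not None:
            out.append(e.line)
    return "\n".join(out) + "\n"


def _locate(entries, type_, control, module, include):
    rule = next((i for i, e in enumerate(entries) if e.is_rule(type_, control, module)), None)
    inc = next((i for i, e in enumerate(entries) if e.is_include(include)), None)
    return rule, inc


def rule_precedes_include(entries, type_, control, module, include) -> bool:
    """Audit check: does the first matching rule sit before '@include <include>'?"""
    rule, inc = _locate(entries, type_, control, module, include)
    return rule is not None and inc is not None and rule < inc


def move_before_include(entries, type_, control, module, include) -> List[Entry]:
    """Return a copy in which the first matching rule (with its comments) is
    placed directly before '@include <include>'. Raises if either is missing."""
    rule, inc = _locate(entries, type_, control, module, include)
    if rule is None or inc is None:
        raise ValueError(f"rule '{type_} {control} {module}' or '@include {include}' not found")
    new = list(entries)
    moved = new.pop(rule)
    # removing a rule above the include shifts the include up by one slot
    new.insert(inc - 1 if rule < inc else inc, moved)
    return new


if __name__ == "__main__":
    before = parse(SAMPLE_BEFORE)
    print("ordered correctly before edit:",
          rule_precedes_include(before, "auth", "optional", "pam_group.so", "lwp-auth"))
    after = move_before_include(before, "auth", "optional", "pam_group.so", "lwp-auth")
    print(render(after), end="")
```

Unlike the augtool run shown in the post, the rendered output keeps the "This allows certain extra groups..." comment block directly above the pam_group.so rule it describes, because the parser attaches comments to the directive that follows them rather than to a position in the file. Running `move_before_include` on an already-correct file leaves it unchanged, so the function is safe to apply repeatedly from configuration management.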