Comments (3)
# augtool --version
augtool 1.12.0 <http://augeas.net/>
from augeas.
Same problem.
The set command can only change values and can't insert any.
The ins command won't work until there are no Match blocks in the config file.
from augeas.
The set command will create a new node, if it does not already exist.
The new node is always appended to existing nodes at the same level.
In this case:
> augtool -At 'Sshd.lns incl /etc/ssh/sshd_config.issue799'
augtool> set /files/etc/ssh/sshd_config.issue799/PermitRootLogin no
augtool> print /files
/files
/files/etc
/files/etc/ssh
/files/etc/ssh/sshd_config.issue799
/files/etc/ssh/sshd_config.issue799/Match
/files/etc/ssh/sshd_config.issue799/Match/Condition
/files/etc/ssh/sshd_config.issue799/Match/Condition/Group = "*,!adm"
/files/etc/ssh/sshd_config.issue799/Match/Settings
/files/etc/ssh/sshd_config.issue799/Match/Settings/ChrootDirectory = "%h"
/files/etc/ssh/sshd_config.issue799/PermitRootLogin = "no"
augtool> save
error: Failed to execute command
saving failed (run 'errors' for details)
augtool>
We can get a better idea of what is acceptable by creating this file:
PermitRootLogin yes
Match Group *,!adm
ChrootDirectory %h
PermitRootLogin no
Which is valid according to man sshd_config
And then looking at the result:
> augtool -At 'Sshd.lns incl /etc/ssh/sshd_config.issue799' print /files
/files
/files/etc
/files/etc/ssh
/files/etc/ssh/sshd_config.issue799
/files/etc/ssh/sshd_config.issue799/PermitRootLogin = "yes"
/files/etc/ssh/sshd_config.issue799/Match
/files/etc/ssh/sshd_config.issue799/Match/Condition
/files/etc/ssh/sshd_config.issue799/Match/Condition/Group = "*,!adm"
/files/etc/ssh/sshd_config.issue799/Match/Settings
/files/etc/ssh/sshd_config.issue799/Match/Settings/ChrootDirectory = "%h"
/files/etc/ssh/sshd_config.issue799/Match/Settings/PermitRootLogin = "no"
The solution is to ensure that PermitRootLogin is inserted before Match.
There is no existing single command which will tell augeas to "update this node, but if you need to create it, put it (here)".
Admittedly, such a feature would be quite useful in real-world situations like this one.
The simplest work-around I can suggest consists of 3 commands:
insert PermitRootLogin before /files/etc/ssh/sshd_config.issue799/Match
set /files/etc/ssh/sshd_config.issue799/PermitRootLogin[1] no
rm /files/etc/ssh/sshd_config.issue799/PermitRootLogin[2]
To demonstrate:
> augtool -At 'Sshd.lns incl /etc/ssh/sshd_config.issue799'
augtool> print /files
/files
/files/etc
/files/etc/ssh
/files/etc/ssh/sshd_config.issue799
/files/etc/ssh/sshd_config.issue799/Match
/files/etc/ssh/sshd_config.issue799/Match/Condition
/files/etc/ssh/sshd_config.issue799/Match/Condition/Group = "*,!adm"
/files/etc/ssh/sshd_config.issue799/Match/Settings
/files/etc/ssh/sshd_config.issue799/Match/Settings/ChrootDirectory = "%h"
augtool> insert PermitRootLogin before /files/etc/ssh/sshd_config.issue799/Match
augtool> set /files/etc/ssh/sshd_config.issue799/PermitRootLogin[1] no
augtool> rm /files/etc/ssh/sshd_config.issue799/PermitRootLogin[2]
rm : /files/etc/ssh/sshd_config.issue799/PermitRootLogin[2] 0
augtool> print /files
/files
/files/etc
/files/etc/ssh
/files/etc/ssh/sshd_config.issue799
/files/etc/ssh/sshd_config.issue799/PermitRootLogin = "no"
/files/etc/ssh/sshd_config.issue799/Match
/files/etc/ssh/sshd_config.issue799/Match/Condition
/files/etc/ssh/sshd_config.issue799/Match/Condition/Group = "*,!adm"
/files/etc/ssh/sshd_config.issue799/Match/Settings
/files/etc/ssh/sshd_config.issue799/Match/Settings/ChrootDirectory = "%h"
augtool> save
Saved 1 file(s)
augtool>
If the line PermitRootLogin already exists, a superfluous 2nd node is created, and then removed.
It is not an error to rm a node that does not already exist, so if insert has created the first PermitRootLogin line, the subsequent rm ... [2] will not remove anything, hence the response that 0 nodes were deleted (above).
Alternately, if your default /etc/ssh/sshd_config has the line:
Include /etc/ssh/sshd_config.d/*.conf
you could put all the Match blocks into a separate file so Augeas does not need to deal with the combination of global settings and Match blocks in the same file. If you opt for such a solution, Augeas may no longer be the best tool for the job.
from augeas.
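Added example, not part of the comments above and not Augeas code: a small Python model of sshd_config scoping that shows why a PermitRootLogin line appended after a Match block is not a global setting, and reaches the same end state as the insert/set/rm work-around. The function names (directives, scopes, ensure_global) and the sample text are constructed for illustration.

```python
import re

# keyword, then whitespace or a single '=', then the argument
# (comment and blank lines do not match)
_DIRECTIVE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)(?:\s*=\s*|\s+)(.*?)\s*$")

def directives(text):
    """Return (line_index, scope, keyword, value) for each setting.
    A Match block runs until the next Match line or end of file."""
    scope, found = "global", []
    for i, line in enumerate(text.splitlines()):
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key.lower() == "match":
            scope = "Match " + value
        else:
            found.append((i, scope, key, value))
    return found

def scopes(text, key):
    """Where does `key` take effect? List of (scope, value)."""
    return [(s, v) for _, s, k, v in directives(text) if k.lower() == key.lower()]

def ensure_global(text, key, value):
    """Update the first global `key`, or insert it before the first Match line."""
    lines = text.splitlines()
    hits = [i for i, s, k, _ in directives(text)
            if s == "global" and k.lower() == key.lower()]
    if hits:
        lines[hits[0]] = f"{key} {value}"
    else:
        first_match = next((i for i, l in enumerate(lines)
                            if re.match(r"\s*match\s", l, re.I)), len(lines))
        lines.insert(first_match, f"{key} {value}")
    return "\n".join(lines) + "\n"

# Constructed sample mirroring the file discussed in the thread
SAMPLE = "Match Group *,!adm\n  ChrootDirectory %h\n"

if __name__ == "__main__":
    appended = SAMPLE + "PermitRootLogin no\n"
    print(scopes(appended, "PermitRootLogin"))   # lands inside the Match block
    fixed = ensure_global(SAMPLE, "PermitRootLogin", "no")
    print(fixed, scopes(fixed, "PermitRootLogin"))
```

Running scopes() over a managed file after each change is a quick check that a hardening setting is global and not limited to one Match condition.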