Git Product home page Git Product logo

Comments (3)

davidc avatar davidc commented on August 26, 2024 
# augtool --version
augtool 1.12.0 <http://augeas.net/>

from augeas.

AlphaZiege avatar AlphaZiege commented on August 26, 2024

Same Problem.
The set command can only change values and cant insert any.
The ins command wont work until there are no Match Blocks in the config file

from augeas.

georgehansper avatar georgehansper commented on August 26, 2024

The set command will create a new node, if it does not already exist.
The new node is always appended to existing nodes at the same level.

In this case:

> augtool -At 'Sshd.lns incl /etc/ssh/sshd_config.issue799'  
augtool> set /files/etc/ssh/sshd_config.issue799/PermitRootLogin no 
augtool> print /files
/files
/files/etc
/files/etc/ssh
/files/etc/ssh/sshd_config.issue799
/files/etc/ssh/sshd_config.issue799/Match
/files/etc/ssh/sshd_config.issue799/Match/Condition
/files/etc/ssh/sshd_config.issue799/Match/Condition/Group = "*,!adm"
/files/etc/ssh/sshd_config.issue799/Match/Settings
/files/etc/ssh/sshd_config.issue799/Match/Settings/ChrootDirectory = "%h"
/files/etc/ssh/sshd_config.issue799/PermitRootLogin = "no"
augtool> save
error: Failed to execute command
saving failed (run 'errors' for details)
augtool>

We can get a better idea of what is acceptable by creating this file:

PermitRootLogin yes
Match Group *,!adm
  ChrootDirectory %h
  PermitRootLogin no

Which is valid according to man sshd_config

And then looking at the result:

> augtool -At 'Sshd.lns incl /etc/ssh/sshd_config.issue799'  print /files
/files
/files/etc
/files/etc/ssh
/files/etc/ssh/sshd_config.issue799
/files/etc/ssh/sshd_config.issue799/PermitRootLogin = "yes"
/files/etc/ssh/sshd_config.issue799/Match
/files/etc/ssh/sshd_config.issue799/Match/Condition
/files/etc/ssh/sshd_config.issue799/Match/Condition/Group = "*,!adm"
/files/etc/ssh/sshd_config.issue799/Match/Settings
/files/etc/ssh/sshd_config.issue799/Match/Settings/ChrootDirectory = "%h"
/files/etc/ssh/sshd_config.issue799/Match/Settings/PermitRootLogin = "no"

The solution is to ensure that PermitRootLogin is inserted before Match

There is no existing single command which will tell augeas to "update this node, but if you need to create it, put it (here)"
Admittedly, such a feature would be quite useful in real-world situations like this one

The simplest work-around I can suggest consists of 3 commands:

insert PermitRootLogin before /files/etc/ssh/sshd_config.issue799/Match
set /files/etc/ssh/sshd_config.issue799/PermitRootLogin[1] no 
rm /files/etc/ssh/sshd_config.issue799/PermitRootLogin[2]

To demonstrate:

> augtool -At 'Sshd.lns incl /etc/ssh/sshd_config.issue799'
augtool> print /files
/files
/files/etc
/files/etc/ssh
/files/etc/ssh/sshd_config.issue799
/files/etc/ssh/sshd_config.issue799/Match
/files/etc/ssh/sshd_config.issue799/Match/Condition
/files/etc/ssh/sshd_config.issue799/Match/Condition/Group = "*,!adm"
/files/etc/ssh/sshd_config.issue799/Match/Settings
/files/etc/ssh/sshd_config.issue799/Match/Settings/ChrootDirectory = "%h"
augtool> insert PermitRootLogin before /files/etc/ssh/sshd_config.issue799/Match
augtool> set /files/etc/ssh/sshd_config.issue799/PermitRootLogin[1] no 
augtool> rm /files/etc/ssh/sshd_config.issue799/PermitRootLogin[2]
rm : /files/etc/ssh/sshd_config.issue799/PermitRootLogin[2] 0
augtool> print /files
/files
/files/etc
/files/etc/ssh
/files/etc/ssh/sshd_config.issue799
/files/etc/ssh/sshd_config.issue799/PermitRootLogin = "no"
/files/etc/ssh/sshd_config.issue799/Match
/files/etc/ssh/sshd_config.issue799/Match/Condition
/files/etc/ssh/sshd_config.issue799/Match/Condition/Group = "*,!adm"
/files/etc/ssh/sshd_config.issue799/Match/Settings
/files/etc/ssh/sshd_config.issue799/Match/Settings/ChrootDirectory = "%h"
augtool> save
Saved 1 file(s)
augtool>

If the line PermitRootLogin already exists, a superfluous 2nd node is created, and then removed.
It is not a error to rm a node that does not already exist, so if insert has created the first PermitRootLogin line, the subsequent rm ... [2] will not remove anything, hence the response that 0 nodes were deleted (above)

Alternately, if your default /etc/ssh/sshd_config has the line:

Include /etc/ssh/sshd_config.d/*.conf

You could put all the Match blocks in to a separate file so Augeas does not need to deal with the combination of global settings and Match blocks in the same file. If you opt for such a solution, Augeas may no longer be the best tool for the job.

from augeas.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.