Re: Config files

[Alexander Mattausch]

Richard Arends wrote:

> On 22 Mar 2002, Adrian Phillips wrote:
>
> > It really depends. For files which I significantly different using
> > copy is probably a wise choice; but if you have a file which all
> > clients need with one line different then editfiles is probably the
> > way to go,
>
> Yes, that's true, but i'm also want to use it if some fucked something and
> then copy is probably the best option.
>
> For example:
>
> { /etc/pam.d/login
>  AppendIfNoSuchLine "password required pam_cracklib.so retry=3 minlen=8 difok=4"
> }
>
> And someone who isn't that smart, put the following in /etc/pam.d/login:
> password required pam_cracklib.so retry=30 minlen=3 difok=4"
>
> Now my 'AppendIfNoSuchLine' wil not match and i have 2 line's for the same
> configuration option. In cases like this, copy is the best thing i
> think...
PAM config files are not that long, so you can easily create them from 
scratch with editfiles:

{ /etc/pam.d/login
 AutoCreate
 EmptyEntireFilePlease
 Append "blabla"
 Append "blablabla"
 BeginGroupIfNotDefined "DumbUserHost"
  Append "password required pam_cracklib.so retry=3 minlen=8 difok=4"
 EndGroup
 BeginGroupIfDefined "DumbUserHost"
  Append "password required pam_cracklib.so retry=30 minlen=8 difok=4"
 EndGroup
}

"BeginGroupIfDefined" works with cfengine 2, I can send you a patch if 
you need it in 1.6.3.

Regards,
Alex