[augeas-devel] Saving failed error

Jeff Schroeder jeffschroeder at computer.org
Fri Apr 15 21:34:32 UTC 2011


I'm seeing a weird error with augeas 0.7.3. While adding a pam_access
definition to /etc/pam.d/sshd, everything looks good until the save,
which fails.

Full session:
root@dev201: ~ # cat /etc/pam.d/sshd
#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke

root@dev201: ~ # augtool --version
augtool 0.7.3 <http://augeas.net/>
Copyright (C) 2009-2010 David Lutterkort
License LGPLv2+: GNU LGPL version 2.1 or later
                 <http://www.gnu.org/licenses/lgpl-2.1.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by David Lutterkort

root@dev201: ~ # augtool
augtool> print /files/etc/pam.d/sshd
/files/etc/pam.d/sshd
/files/etc/pam.d/sshd/#comment[1] = "%PAM-1.0"
/files/etc/pam.d/sshd/1
/files/etc/pam.d/sshd/1/type = "auth"
/files/etc/pam.d/sshd/1/control = "include"
/files/etc/pam.d/sshd/1/module = "system-auth"
/files/etc/pam.d/sshd/2
/files/etc/pam.d/sshd/2/type = "account"
/files/etc/pam.d/sshd/2/control = "required"
/files/etc/pam.d/sshd/2/module = "pam_nologin.so"
/files/etc/pam.d/sshd/3
/files/etc/pam.d/sshd/3/type = "account"
/files/etc/pam.d/sshd/3/control = "include"
/files/etc/pam.d/sshd/3/module = "system-auth"
/files/etc/pam.d/sshd/4
/files/etc/pam.d/sshd/4/type = "password"
/files/etc/pam.d/sshd/4/control = "include"
/files/etc/pam.d/sshd/4/module = "system-auth"
/files/etc/pam.d/sshd/#comment[2] = "pam_selinux.so close should be the first session rule"
/files/etc/pam.d/sshd/5
/files/etc/pam.d/sshd/5/type = "session"
/files/etc/pam.d/sshd/5/control = "required"
/files/etc/pam.d/sshd/5/module = "pam_selinux.so"
/files/etc/pam.d/sshd/5/argument = "close"
/files/etc/pam.d/sshd/6
/files/etc/pam.d/sshd/6/type = "session"
/files/etc/pam.d/sshd/6/control = "include"
/files/etc/pam.d/sshd/6/module = "system-auth"
/files/etc/pam.d/sshd/7
/files/etc/pam.d/sshd/7/type = "session"
/files/etc/pam.d/sshd/7/control = "required"
/files/etc/pam.d/sshd/7/module = "pam_loginuid.so"
/files/etc/pam.d/sshd/#comment[3] = "pam_selinux.so open should only be followed by sessions to be executed in the user context"
/files/etc/pam.d/sshd/8
/files/etc/pam.d/sshd/8/type = "session"
/files/etc/pam.d/sshd/8/control = "required"
/files/etc/pam.d/sshd/8/module = "pam_selinux.so"
/files/etc/pam.d/sshd/8/argument[1] = "open"
/files/etc/pam.d/sshd/8/argument[2] = "env_params"
/files/etc/pam.d/sshd/9
/files/etc/pam.d/sshd/9/type = "session"
/files/etc/pam.d/sshd/9/control = "optional"
/files/etc/pam.d/sshd/9/module = "pam_keyinit.so"
/files/etc/pam.d/sshd/9/argument[1] = "force"
/files/etc/pam.d/sshd/9/argument[2] = "revoke"
augtool>
augtool>
augtool>
augtool> ins access after /files/etc/pam.d/sshd/*[type = 'account' and module = 'pam_nologin.so']
augtool> set /files/etc/pam.d/sshd/access/type account
augtool> set /files/etc/pam.d/sshd/access/control required
augtool> set /files/etc/pam.d/sshd/access/module pam_access.so
augtool>
augtool>
augtool>
augtool> print /files/etc/pam.d/sshd
/files/etc/pam.d/sshd
/files/etc/pam.d/sshd/#comment[1] = "%PAM-1.0"
/files/etc/pam.d/sshd/1
/files/etc/pam.d/sshd/1/type = "auth"
/files/etc/pam.d/sshd/1/control = "include"
/files/etc/pam.d/sshd/1/module = "system-auth"
/files/etc/pam.d/sshd/2
/files/etc/pam.d/sshd/2/type = "account"
/files/etc/pam.d/sshd/2/control = "required"
/files/etc/pam.d/sshd/2/module = "pam_nologin.so"
/files/etc/pam.d/sshd/access
/files/etc/pam.d/sshd/access/type = "account"
/files/etc/pam.d/sshd/access/control = "required"
/files/etc/pam.d/sshd/access/module = "pam_access.so"
/files/etc/pam.d/sshd/3
/files/etc/pam.d/sshd/3/type = "account"
/files/etc/pam.d/sshd/3/control = "include"
/files/etc/pam.d/sshd/3/module = "system-auth"
/files/etc/pam.d/sshd/4
/files/etc/pam.d/sshd/4/type = "password"
/files/etc/pam.d/sshd/4/control = "include"
/files/etc/pam.d/sshd/4/module = "system-auth"
/files/etc/pam.d/sshd/#comment[2] = "pam_selinux.so close should be the first session rule"
/files/etc/pam.d/sshd/5
/files/etc/pam.d/sshd/5/type = "session"
/files/etc/pam.d/sshd/5/control = "required"
/files/etc/pam.d/sshd/5/module = "pam_selinux.so"
/files/etc/pam.d/sshd/5/argument = "close"
/files/etc/pam.d/sshd/6
/files/etc/pam.d/sshd/6/type = "session"
/files/etc/pam.d/sshd/6/control = "include"
/files/etc/pam.d/sshd/6/module = "system-auth"
/files/etc/pam.d/sshd/7
/files/etc/pam.d/sshd/7/type = "session"
/files/etc/pam.d/sshd/7/control = "required"
/files/etc/pam.d/sshd/7/module = "pam_loginuid.so"
/files/etc/pam.d/sshd/#comment[3] = "pam_selinux.so open should only be followed by sessions to be executed in the user context"
/files/etc/pam.d/sshd/8
/files/etc/pam.d/sshd/8/type = "session"
/files/etc/pam.d/sshd/8/control = "required"
/files/etc/pam.d/sshd/8/module = "pam_selinux.so"
/files/etc/pam.d/sshd/8/argument[1] = "open"
/files/etc/pam.d/sshd/8/argument[2] = "env_params"
/files/etc/pam.d/sshd/9
/files/etc/pam.d/sshd/9/type = "session"
/files/etc/pam.d/sshd/9/control = "optional"
/files/etc/pam.d/sshd/9/module = "pam_keyinit.so"
/files/etc/pam.d/sshd/9/argument[1] = "force"
/files/etc/pam.d/sshd/9/argument[2] = "revoke"
augtool> save
Saving failed
augtool>

root@dev201: ~ # ll /etc/pam.d/sshd
-rw-r--r-- 1 root root 534 2011-04-15 14:10 /etc/pam.d/sshd

I have ruled out the usual suspects: SELinux, extended attributes
(chattr / lsattr), and POSIX ACLs are not the issue. How can I make
the save succeed?

-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com



