I'm seeing a weird error with augeas 0.7.3. While adding a pam_access definition to /etc/pam.d/sshd, everything looks good, but the save fails.
Full session:

root@dev201: ~ # cat /etc/pam.d/sshd
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke

root@dev201: ~ # augtool --version
augtool 0.7.3 <http://augeas.net/>
Copyright (C) 2009-2010 David Lutterkort
License LGPLv2+: GNU LGPL version 2.1 or later <http://www.gnu.org/licenses/lgpl-2.1.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by David Lutterkort

root@dev201: ~ # augtool
augtool> print /files/etc/pam.d/sshd
/files/etc/pam.d/sshd
/files/etc/pam.d/sshd/#comment[1] = "%PAM-1.0"
/files/etc/pam.d/sshd/1
/files/etc/pam.d/sshd/1/type = "auth"
/files/etc/pam.d/sshd/1/control = "include"
/files/etc/pam.d/sshd/1/module = "system-auth"
/files/etc/pam.d/sshd/2
/files/etc/pam.d/sshd/2/type = "account"
/files/etc/pam.d/sshd/2/control = "required"
/files/etc/pam.d/sshd/2/module = "pam_nologin.so"
/files/etc/pam.d/sshd/3
/files/etc/pam.d/sshd/3/type = "account"
/files/etc/pam.d/sshd/3/control = "include"
/files/etc/pam.d/sshd/3/module = "system-auth"
/files/etc/pam.d/sshd/4
/files/etc/pam.d/sshd/4/type = "password"
/files/etc/pam.d/sshd/4/control = "include"
/files/etc/pam.d/sshd/4/module = "system-auth"
/files/etc/pam.d/sshd/#comment[2] = "pam_selinux.so close should be the first session rule"
/files/etc/pam.d/sshd/5
/files/etc/pam.d/sshd/5/type = "session"
/files/etc/pam.d/sshd/5/control = "required"
/files/etc/pam.d/sshd/5/module = "pam_selinux.so"
/files/etc/pam.d/sshd/5/argument = "close"
/files/etc/pam.d/sshd/6
/files/etc/pam.d/sshd/6/type = "session"
/files/etc/pam.d/sshd/6/control = "include"
/files/etc/pam.d/sshd/6/module = "system-auth"
/files/etc/pam.d/sshd/7
/files/etc/pam.d/sshd/7/type = "session"
/files/etc/pam.d/sshd/7/control = "required"
/files/etc/pam.d/sshd/7/module = "pam_loginuid.so"
/files/etc/pam.d/sshd/#comment[3] = "pam_selinux.so open should only be followed by sessions to be executed in the user context"
/files/etc/pam.d/sshd/8
/files/etc/pam.d/sshd/8/type = "session"
/files/etc/pam.d/sshd/8/control = "required"
/files/etc/pam.d/sshd/8/module = "pam_selinux.so"
/files/etc/pam.d/sshd/8/argument[1] = "open"
/files/etc/pam.d/sshd/8/argument[2] = "env_params"
/files/etc/pam.d/sshd/9
/files/etc/pam.d/sshd/9/type = "session"
/files/etc/pam.d/sshd/9/control = "optional"
/files/etc/pam.d/sshd/9/module = "pam_keyinit.so"
/files/etc/pam.d/sshd/9/argument[1] = "force"
/files/etc/pam.d/sshd/9/argument[2] = "revoke"
augtool>
augtool>
augtool>
augtool> ins access after /files/etc/pam.d/sshd/*[type = 'account' and module = 'pam_nologin.so']
augtool> set /files/etc/pam.d/sshd/access/type account
augtool> set /files/etc/pam.d/sshd/access/control required
augtool> set /files/etc/pam.d/sshd/access/module pam_access.so
augtool>
augtool>
augtool>
augtool> print /files/etc/pam.d/sshd
/files/etc/pam.d/sshd
/files/etc/pam.d/sshd/#comment[1] = "%PAM-1.0"
/files/etc/pam.d/sshd/1
/files/etc/pam.d/sshd/1/type = "auth"
/files/etc/pam.d/sshd/1/control = "include"
/files/etc/pam.d/sshd/1/module = "system-auth"
/files/etc/pam.d/sshd/2
/files/etc/pam.d/sshd/2/type = "account"
/files/etc/pam.d/sshd/2/control = "required"
/files/etc/pam.d/sshd/2/module = "pam_nologin.so"
/files/etc/pam.d/sshd/access
/files/etc/pam.d/sshd/access/type = "account"
/files/etc/pam.d/sshd/access/control = "required"
/files/etc/pam.d/sshd/access/module = "pam_access.so"
/files/etc/pam.d/sshd/3
/files/etc/pam.d/sshd/3/type = "account"
/files/etc/pam.d/sshd/3/control = "include"
/files/etc/pam.d/sshd/3/module = "system-auth"
/files/etc/pam.d/sshd/4
/files/etc/pam.d/sshd/4/type = "password"
/files/etc/pam.d/sshd/4/control = "include"
/files/etc/pam.d/sshd/4/module = "system-auth"
/files/etc/pam.d/sshd/#comment[2] = "pam_selinux.so close should be the first session rule"
/files/etc/pam.d/sshd/5
/files/etc/pam.d/sshd/5/type = "session"
/files/etc/pam.d/sshd/5/control = "required"
/files/etc/pam.d/sshd/5/module = "pam_selinux.so"
/files/etc/pam.d/sshd/5/argument = "close"
/files/etc/pam.d/sshd/6
/files/etc/pam.d/sshd/6/type = "session"
/files/etc/pam.d/sshd/6/control = "include"
/files/etc/pam.d/sshd/6/module = "system-auth"
/files/etc/pam.d/sshd/7
/files/etc/pam.d/sshd/7/type = "session"
/files/etc/pam.d/sshd/7/control = "required"
/files/etc/pam.d/sshd/7/module = "pam_loginuid.so"
/files/etc/pam.d/sshd/#comment[3] = "pam_selinux.so open should only be followed by sessions to be executed in the user context"
/files/etc/pam.d/sshd/8
/files/etc/pam.d/sshd/8/type = "session"
/files/etc/pam.d/sshd/8/control = "required"
/files/etc/pam.d/sshd/8/module = "pam_selinux.so"
/files/etc/pam.d/sshd/8/argument[1] = "open"
/files/etc/pam.d/sshd/8/argument[2] = "env_params"
/files/etc/pam.d/sshd/9
/files/etc/pam.d/sshd/9/type = "session"
/files/etc/pam.d/sshd/9/control = "optional"
/files/etc/pam.d/sshd/9/module = "pam_keyinit.so"
/files/etc/pam.d/sshd/9/argument[1] = "force"
/files/etc/pam.d/sshd/9/argument[2] = "revoke"
augtool> save
Saving failed
augtool>
root@dev201: ~ # ll /etc/pam.d/sshd
-rw-r--r-- 1 root root 534 2011-04-15 14:10 /etc/pam.d/sshd

The usual suspects such as SELinux, extended attributes (chattr / lsattr), and POSIX ACLs are not an issue. How can I make the save succeed?

--
Jeff Schroeder
Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
_______________________________________________
augeas-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/augeas-devel
