我运行了一次下面的脚本,当找到enforce_for_root匹配时,它已附加在行尾。但是,由于某种原因,即使该条目已经存在,pam_pwquality.so它仍会继续输入 if 。if ! grep -q "enforce_for_root" /etc/pam.d/system-auth
#!/bin/bash
source oem.properties
log_error() {
echo "Error: $1" | /usr/bin/tee $ERROR_LOG
echo "Aborting program ... "
echo " "
exit 10
}
echo " "
echo -n "Generating SSH keys ... "
if [ -f /home/rlee/.ssh/keys/$RSYNC_KEY ]; then
echo "key exists, skipping."
else
sudo -u rlee ssh-keygen -b 4096 -t $RSYNC_KEY_TYPE -f /home/rlee/.ssh/keys/$RSYNC_KEY -C "$RSYNC_KEY_COMMENT" -q -N ""
if [ $? -ne 0 ]; then log_error "Generating SSH keys."; fi
echo "OK"
fi
echo " "
echo "Add the public key to old OEM server."
echo "Create or modify the authorized_keys file on the old server."
echo "vim /home/rsync/.ssh/authorized_keys"
echo " "
echo "Add the following key: "
while true
do
cat /home/rlee/.ssh/keys/$RSYNC_KEY.pub
echo " "
read -p "Press 'C' to continue: " OPTION
if [ $OPTION == 'C' ] || [ $OPTION == 'c' ]; then break; fi
done
echo -n "Testing SSH connection ... "
ssh -p $OLD_OEM_PORT -i /home/rlee/.ssh/keys/$RSYNC_KEY -o StrictHostKeyChecking=no rsync@$OLD_OEM_HOSTNAME exit
if [ $? -ne 0 ]; then log_error "Testing SSH connection ... "; fi
echo "OK"
useradd llee
useradd nagios
# Enforce password policies
echo -n "Setting password policies ... "
authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=12 --passmaxrepeat=3 --update
if [ $? -ne 0 ]; then log_error "Setting password policies ... "; fi
echo "OK"
echo -n "Enforcing password policies on root ... "
if ! grep -q "enforce_for_root" /etc/pam.d/system-auth; then
sed -i -e '/pam_pwquality.so/s/$/ enforce_for_root/' /etc/pam.d/system-auth
echo "doesn't exist"
fi
if [ $? -ne 0 ]; then log_error "Enforcing password policies on root ... "; fi
exit
如果我将此代码块移动到adduser语句之前的任何位置,它就不会if ! grep -q "enforce_for_root" /etc/pam.d/system-auth按预期工作。
为什么会发生这种情况?
#!/bin/bash
log_error() {
echo "Error: $1" | /usr/bin/tee $ERROR_LOG
echo "Aborting program ... "
echo " "
exit 10
}
echo -n "Enforcing password policies on root ... "
if ! grep -q "enforce_for_root" /etc/pam.d/system-auth; then
sed -i -e '/pam_pwquality.so/s/$/ enforce_for_root/' /etc/pam.d/system-auth
echo "doesn't exist"
fi
if [ $? -ne 0 ]; then log_error "Enforcing password policies on root ... "; fi
答案1
以下行导致了问题:
authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=12 --passmaxrepeat=3 --update
这是运行命令时收到的消息authconfig:
Running authconfig compatibility tool.
The purpose of this tool is to enable authentication against chosen services with authselect and minimum configuration. It does not provide all capabilities of authconfig.
IMPORTANT: authconfig is replaced by authselect, please update your scripts.
See man authselect-migration(7) to help you with migration to authselect
我已经修改了pwquality.conf文件
echo -n "Setting password policies ... "
sed -i -e '/# minlen =/s/# minlen/minlen/' /etc/security/pwquality.conf
sed -i -e '/# ucredit =/s/# ucredit/ucredit/' /etc/security/pwquality.conf
sed -i -e '/# lcredit =/s/# lcredit/lcredit/' /etc/security/pwquality.conf
sed -i -e '/# dcredit =/s/# dcredit/dcredit/' /etc/security/pwquality.conf
sed -i -e '/# ocredit =/s/# ocredit/ocredit/' /etc/security/pwquality.conf
sed -i -e '/# enforcing =/s/# enforcing/enforcing/' /etc/security/pwquality.conf
sed -i -e '/# enforce_for_root/s/# enforce_for_root/enforce_for_root/' /etc/security/pwquality.conf
sed -i -e 's/minlen = .*/minlen = 12/' /etc/security/pwquality.conf
sed -i -e 's/ucredit = .*/ucredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/lcredit = .*/lcredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/dcredit = .*/dcredit = 1/' /etc/security/pwquality.conf
sed -i -e 's/ocredit = .*/ocredit = 1/' /etc/security/pwquality.conf
echo "OK"