search

voxpupuli / puppet-augeasproviders

Alternative Augeas-based providers for Puppet
http://augeasproviders.com/
Apache License 2.0
63 stars 46 forks source link

pam module not enforcing the after #135

Closed overholw closed 9 years ago

overholw commented 10 years ago

Based on the examples I wrote the following:

    # GuideSection 6.5
    # restrict access to the su command to the wheel group (and root)
    pam { '6.5 Restrict Access to the su Command':
      ensure    => present,
      service   => 'su',
      type      => 'auth',
      control   => 'required',
      module    => 'pam_wheel.so',
      arguments => 'use_uid',
      position  => 'after *[type="auth" and module="pam_rootok.so"]',
    }

Manually moving the generated "auth required pam_wheel.so use_uid" line above the "auth sufficient pam_rootok.so" line did not cause the pam_wheel.so line to be moved down.

Is there a bug in my syntax, augeasproviders or somewhere else?

raphink commented 9 years ago

Puppet won't move existing entries if you use ensure => present, it will only create them in the right place.

To move existing entries, you need to use ensure => positioned instead.