LinuxQuestions.org


crusader7 09-27-2020 12:31 AM

Script errors using sed to edit /etc/pam.d/common-....
 
Hey guys,

Just a caveat... This script is for a competition Ubuntu image. I would not advise running this script on your Linux box.

I am a little stumped as to why I keep getting these errors. I would greatly appreciate your help.

Here is the script:
Code:

#!/bin/bash
#/etc/pam.d files are Pluggable Authentication Modules for establishing user credentials.
#Edit both /etc/pam.d/common-auth and /etc/pam.d/common-password files.
#Adds password complexity requirements on common-auth
#Changes password length on common-password

apt-get install libpam-cracklib           


#Add lines to /etc/pam.d/common-auth
cp /etc/pam.d/common-auth /etc/pam.d/old-common-auth
sed -i '/pam_permit.so/ s/$/ onerr=fail deny=5 unlock_time=1800 audit even_deny_root root_unlock_time=6/g' /etc/pam.d/common-auth
cat /etc/pam.d/common-auth | grep pam_permit.so



#Edit /etc/pam.d/common-password
cp /etc/pam.d/common-password /etc/pam.d/old-common-password
sed -i 's/minlen=8/minlen=9/g' /etc/pam.d/common-password              #Change minimum length from 8 to 9

#Require uppercase "ucredit", digits "dcredit", and symbols "ocredit"
sed -i 's/difok=3/difok=3 ucredit=-1 dcredit=-1 ocredit=-1/g' /etc/pam.d/common-password 
cat /etc/pam.d/common-password | grep difok

cp /etc/login.defs /etc/old-login.defs
sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/g' /etc/login.defs
sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 10/g' /etc/login.defs
sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 7/g' /etc/login.defs
cat /etc/login.defs | grep ^PASS

Here are the results:
Quote:

dp@ubuntu:~$ sudo ./update-pam.sh
[sudo] password for dp:
: not foundm.sh: 6:
Reading package lists... Done
Building dependency tree
Reading state information... Done
libpam-cracklib is already the newest version (1.3.1-5ubuntu4.1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
: not foundm.sh: 8:
: not foundm.sh: 9:
: No such file or directorycommon-auth
: not foundm.sh: 14:
: not foundm.sh: 15:
: not foundm.sh: 16:
: not foundm.sh: 20:
: No such file or directory
: No such file or directory
: not foundm.sh: 24:
: No such file or directorydefs
: No such file or directorydefs
: No such file or directorydefs
: not foundm.sh: 30:
: not foundm.sh: 31:

And when I list the files after running the script, the copied original common-auth and common-password did not turn out as expected. The original files now look like this: 'old-common-password'$'\r' and 'old-common-auth'$'\r'

Quote:

$ ls /etc/pam.d
chfn common-account common-session cups gdm-launch-environment newusers other ppp su systemd-user
chpasswd common-auth common-session-noninteractive gdm-autologin gdm-password 'old-common-auth'$'\r' passwd runuser sudo vmtoolsd
chsh common-password cron gdm-fingerprint login 'old-common-password'$'\r' polkit-1 runuser-l su-l


grail 09-27-2020 01:28 AM

The files you are working on were created in Windows and hence have Windows line endings which are not compatible with most linux utilities.

Pass your "update-pam.sh" through dos2unix first and then see how you go

I would add that you need to go and look up what 'g' at the end of a sed means as it is not always required, although may not have an issue with some of the places you have used it, it will catch you out later.

astrogeek 09-27-2020 01:34 AM

^grail types faster than I!

Agree, it looks like your script was written in, or passed through a M$ editor and has line endings that won't work in the Linux environment.

syg00 09-27-2020 01:39 AM

nm - pretend I was never here.

crusader7 09-27-2020 07:46 PM

Thank you for your help
 
Hey guys! Thanks for your help!

I rewrote the script and ran it on Ubuntu without any issues.

How were you able to identify that it was written in MS notepad?

I also cleaned it up a little.

I think the 'g' refers to "global" meaning that it would change the pattern throughout the script. Is that correct?

Code:

#!/bin/bash


apt-get install libpam-cracklib              # Adds additional security for passwords in pam


# Edit /etc/pam.d/common-auth
cp /etc/pam.d/common-auth /etc/pam.d/bak-common-auth
sed -i '/pam_permit.so/ s/$/ onerr=fail deny=5 unlock_time=1800 audit even_deny_root root_unlock_time=6/g' /etc/pam.d/common-auth
cat /etc/pam.d/common-auth | grep pam_permit.so

#Edit /etc/pam.d/common-password
cp /etc/pam.d/common-password /etc/pam.d/bak-common-password
#Require uppercase "ucredit", digits "dcredit", and symbols "ocredit"
sed -i 's/difok=3/difok=3 ucredit=-1 dcredit=-1 ocredit=-1/g' /etc/pam.d/common-password 
cat /etc/pam.d/common-password | grep difok

#Edit /etc/login.defs to control password life
cp /etc/login.defs /etc/bak-login.defs
sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/g' /etc/login.defs
sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 10/g' /etc/login.defs
sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 7/g' /etc/login.defs
cat /etc/login.defs | grep ^PASS

exit 0


syg00 09-27-2020 10:19 PM

Quote:

Originally Posted by crusader7 (Post 6170333)
I think the 'g' refers to "global" meaning that it would change the pattern throughout the script. Is that correct?

No - although it may have that effect. sed works on the pattern space, which usually means the latest record read in. The "g" thus means apply the change to all matching occurrences in the pattern space. When the next record is read, it starts all over again. If you don't use address selection, that will change every occurrence, but that is merely a side-effect.

scasey 09-28-2020 02:57 AM

It’s OK to edit in Notepad, or any other Windows editor.
Two ways to avoid the CRLF vs. LF line ends:
  1. Use an ascii file transfer (sftp/ftp) from Windows to Linux*
  2. Run the file thru dos2linux after copying the file to the Linux ‘puter.

*That is the definition of an ascii file transfer...to convert the line ends
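
Added example, not part of any post in this thread: a portable shell check for the CRLF line endings discussed above. It reproduces the `'old-common-auth'$'\r'` symptom on a constructed script, strips the carriage returns, and reruns it. The function names, file names and script contents are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; file names and script contents are constructed.
CR=$(printf '\r')        # a literal carriage return, works in sh and bash

# Exit 0 if any line of FILE ($1) ends in CR, i.e. has a DOS line ending.
has_crlf() { grep -q "${CR}\$" "$1"; }

# Write SRC ($1) to DST ($2) with the trailing CR removed from every line.
strip_cr() { sed "s/${CR}\$//" "$1" > "$2"; }

# Build a CRLF script shaped like update-pam.sh, run it, then fix and rerun.
# Prints: <crlf before> <stray name created> <crlf after> <clean name created>
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/common-auth"                     # stand-in for the real PAM file
    printf '#!/bin/sh\r\n\r\ncp "$1/common-auth" "$1/old-common-auth"\r\n' \
        > "$d/win.sh"
    has_crlf "$d/win.sh" && before=yes || before=no
    # Line 2 is a lone CR (": not found"); cp gets a name that ends in CR.
    sh "$d/win.sh" "$d" 2>/dev/null || true
    [ -e "$d/old-common-auth${CR}" ] && stray=yes || stray=no
    strip_cr "$d/win.sh" "$d/unix.sh"
    has_crlf "$d/unix.sh" && after=yes || after=no
    sh "$d/unix.sh" "$d"
    [ -e "$d/old-common-auth" ] && clean=yes || clean=no
    rm -rf "$d"
    echo "$before $stray $after $clean"
}

demo
```

On a real file, `file update-pam.sh` reports "with CRLF line terminators" and `od -c update-pam.sh` shows each `\r \n` pair.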

MadeInGermany 09-28-2020 08:13 AM

'g' tries to do multiple substitutions per line.
The next search is right from the previous match.
Typically you use it for a one character substitution like
Code:

echo "route 66 rocks" | sed 's/[[:alpha:]]/X/g'

The 'g' is useless with ^ or $ anchored expressions like
Code:

s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 1/

In this example not only the ^ enforces a match at the beginning that only can occur once. Also the .* expands the match till the end of the line so no rematch right from it is possible.
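
Added example, not from any poster: the per-line behaviour of `g` described above, run over constructed lines. It goes one step beyond the thread by showing that the script's unanchored `difok=3` substitution matches its own output, so a second run appends the options again unless an address guards it. The sample lines and function names are assumptions.

```shell
#!/bin/sh
# Added example; every input line is constructed, nothing is read from /etc.

# Apply sed script $1 to text $2 and print the result.
run_sed() { printf '%s\n' "$2" | sed "$1"; }

TWO_LINES='minlen=8 minlen=8
minlen=8'
LOGIN_DEFS='PASS_MIN_DAYS   0'
PAM_LINE='password requisite pam_cracklib.so retry=3 minlen=8 difok=3'

# Without g: only the first match in each pattern space (line) is replaced,
# but the command still runs again for every line read.
first_only() { run_sed 's/minlen=8/minlen=9/' "$TWO_LINES"; }

# With g: every match inside each line is replaced.
all_in_line() { run_sed 's/minlen=8/minlen=9/g' "$TWO_LINES"; }

# ^ and .* leave room for exactly one match per line, so g changes nothing.
anchored() { run_sed "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 10/$1" "$LOGIN_DEFS"; }

# The thread's difok edit re-matches its own output: a rerun appends again.
APPEND='s/difok=3/difok=3 ucredit=-1 dcredit=-1 ocredit=-1/'
twice_plain() { run_sed "$APPEND" "$(run_sed "$APPEND" "$PAM_LINE")"; }

# An address that skips lines already carrying ucredit= makes a rerun a no-op.
GUARDED="/ucredit=/!${APPEND}"
twice_guarded() { run_sed "$GUARDED" "$(run_sed "$GUARDED" "$PAM_LINE")"; }

# Count how many times ucredit= appears in the text $1.
count_ucredit() { printf '%s\n' "$1" | grep -o 'ucredit=' | wc -l | tr -d ' '; }

first_only; all_in_line; anchored ''; anchored g
echo "plain rerun:   $(count_ucredit "$(twice_plain)") x ucredit="
echo "guarded rerun: $(count_ucredit "$(twice_guarded)") x ucredit="
```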

