[SOLVED] Script errors using sed to edit /etc/pam.d/common-....
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Script errors using sed to edit /etc/pam.d/common-....
Hey guys,
Just a caveat...This script is for a competition Ubuntu image. I would not advise to run this script on your Linux box.
I am a little stumped as to why I keep getting these errors. I would greatly appreciate your help.
Here is the script:
Code:
#!/bin/bash
#/etc/pam.d files are Plugable Authentication Modules for establishing user credentials.
#Edit both /etc/pam.d/common-auth and /etc/pam.d/common-password files.
#Adds password complexity requirements on common-auth
#Changes password length on common-password
apt-get install libpam-cracklib
#Add lines to /etc/pam.d/common-auth
cp /etc/pam.d/common-auth /etc/pam.d/old-common-auth
sed -i '/pam_permit.so/ s/$/ onerr=fail deny=5 unlock_time=1800 audit even_deny_root root_unlock_time=6/g' /etc/pam.d/common-auth
cat /etc/pam.d/common-auth | grep pam_permit.so
#Edit /etc/pam.d/common-password
cp /etc/pam.d/common-password /etc/pam.d/old-common-password
sed -i 's/minlen=8/minlen=9/g' /etc/pam.d/common-password #Change minimum length from 8 to 9
#Require Uppercase "ucredit", Lowercase "dcredit", and symbols ocredit
sed -i 's/difok=3/difok=3 ucredit=-1 dcredit=-1 ocredit=-1/g' /etc/pam.d/common-password
cat /etc/pam.d/common-password | grep difok
cp /etc/login.defs /etc/old-login.defs
sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/g' /etc/login.defs
sed -i 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 10/g' /etc/login.defs
sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 7/g' /etc/login.defs
cat /etc/login.defs | grep ^PASS
Here are the results:
Quote:
dp@ubuntu:~$ sudo ./update-pam.sh
[sudo] password for dp:
: not foundm.sh: 6:
Reading package lists... Done
Building dependency tree
Reading state information... Done
libpam-cracklib is already the newest version (1.3.1-5ubuntu4.1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
: not foundm.sh: 8:
: not foundm.sh: 9:
: No such file or directorycommon-auth
: not foundm.sh: 14:
: not foundm.sh: 15:
: not foundm.sh: 16:
: not foundm.sh: 20:
: No such file or directory
: No such file or directory
: not foundm.sh: 24:
: No such file or directorydefs
: No such file or directorydefs
: No such file or directorydefs
: not foundm.sh: 30:
: not foundm.sh: 31:
And when I list the files after running the script, the copied original common-auth and common-password did not turn out as expected. The original files now look like this: 'old-common-password'$'\r' and 'old-common-auth'$'\r'
The files you are working on were created in Windows and hence have Windows line endings which are not compatible with most linux utilities.
Pass your "update-pam.sh" through dos2unix first and then see how you go
I would add that you need to go and look up what 'g' at the end of a sed means as it is not always required, although may not have an issue with some of the
places you have used it, it will catch you out later.
I think the 'g' refers to "global" meaning that it would change the pattern throughout the script. Is that correct?
No - although it may have that effect. sed works on the pattern space, which usually means the latest record read in. The "g" thus means apply the change to all matching occurrences in the pattern space. When the next record is read, it starts all over again. If you don't use address selection, that will change every occurrence, but that is merely a side-effect.
'g' tries to do multiple substitutions per line.
The next search is right from the previous match.
Typically you use it for a one character substitution like
Code:
echo "route 66 rocks" | sed 's/[[:alpha:]]/X/g'
The 'g' is useless with ^ or $ anchored expressions like
Code:
s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 1/
In this example not only the ^ enforces a match at the beginning that only can occur once. Also the .* expands the match till the end of the line so no rematch right from it is possible.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.