My /etc/pam.d/system-auth-ac
has the below auth
parameters set:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
I want to insert pam_tally2.so
just after pam_env.so
. So I want it to be:
auth required pam_env.so
auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
The script that I'm using is :
#! /bin/bash
grep "pam_tally2" /etc/pam.d/system-auth-ac &> /dev/null
if [ $? -ne 0 ];
then
sed -i '/^[]*account[]*required[]*pam_unix.so/aauth\trequired\tpam_tally2.so onerr=fail audit silent deny=5 unlock_time=900' /etc/pam.d/system-auth-ac
else
sed -i 's/.*pam_tally2.*/auth\trequired\tpam_tally2.so onerr=fail audit silent deny=5 unlock_time=900/1' /etc/pam.d/system-auth-ac
fi
But it gives this error:
sed: -e expression #1, char 116: unterminated address regex
What am I doing wrong ?
You can use a
command in gnu-sed:
sed -i.bak '/pam_env\.so$/a\
auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900
' /etc/pam.d/system-auth-ac
EDIT: Looking at your posted answer it seems this awk
command will be more suitable for you than grep
and 2 sed
commands in if/else
condition:
val='auth\trequired\tpam_tally2.so onerr=fail audit silent deny=5 unlock_time=900'
awk -v val="$val" '/^auth[[:blank:]]+required[[:blank:]]+pam_env\.so/ {
print $0 RS val; next} /pam_tally2\.so/{next} 1' /etc/pam.d/system-auth-ac
auth required pam_env.so
uth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
You may use the below sed command.
sed 's/^auth[[:blank:]]\+required[[:blank:]]\+pam_env\.so/&\nauth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900' file
Your regex fails because you're repeating an empty character class []
, zero or more times, which won't make any sense. So you need to change []*
to [ ]*
or <space>*
to repeat an empty space character zero or ore times.
My Script actually should have been:
#! /bin/bash
grep "pam_tally2" /etc/pam.d/system-auth-ac &> /dev/null
if [ $? -ne 0 ];
then
sed -i '/^[ ]*auth[ ]*required[ ]*pam_env.so/aauth\trequired\tpam_tally2.so onerr=fail audit silent deny=5 unlock_time=900' /etc/pam.d/system-auth-ac
else
sed -i 's/.*pam_tally2.*/auth\trequired\tpam_tally2.so onerr=fail audit silent deny=5 unlock_time=900/1' /etc/pam.d/system-auth-ac
fi
Works fine!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.