[hostcfgd] avoid in place editing config file contents (#3904)
In place editing (sed -i) seems having some issues with filesystem interaction. It could leave 0 size file or corrupted file behind. It would be safer to sed the file contents into a new file and switch new file with the old file. Signed-off-by: Ying Xie <ying.xie@microsoft.com>
This commit is contained in:
parent
f24ee3b49e
commit
759bde3a43
@ -176,6 +176,11 @@ class AaaCfg(object):
|
|||||||
if modify_conf:
|
if modify_conf:
|
||||||
self.modify_conf_file()
|
self.modify_conf_file()
|
||||||
|
|
||||||
|
def modify_single_file(self, filename, operations=None):
|
||||||
|
if operations:
|
||||||
|
cmd = "sed -e {0} {1} > {1}.new; mv -f {1} {1}.old; mv -f {1}.new {1}".format(' -e '.join(operations), filename)
|
||||||
|
os.system(cmd)
|
||||||
|
|
||||||
def modify_conf_file(self):
|
def modify_conf_file(self):
|
||||||
auth = self.auth_default.copy()
|
auth = self.auth_default.copy()
|
||||||
auth.update(self.auth)
|
auth.update(self.auth)
|
||||||
@ -201,19 +206,19 @@ class AaaCfg(object):
|
|||||||
|
|
||||||
# Modify common-auth include file in /etc/pam.d/login and sshd
|
# Modify common-auth include file in /etc/pam.d/login and sshd
|
||||||
if os.path.isfile(PAM_AUTH_CONF):
|
if os.path.isfile(PAM_AUTH_CONF):
|
||||||
os.system("sed -i -e '/^@include/s/common-auth$/common-auth-sonic/' /etc/pam.d/sshd")
|
self.modify_single_file('/etc/pam.d/sshd', [ "'/^@include/s/common-auth$/common-auth-sonic/'" ])
|
||||||
os.system("sed -i -e '/^@include/s/common-auth$/common-auth-sonic/' /etc/pam.d/login")
|
self.modify_single_file('/etc/pam.d/login', [ "'/^@include/s/common-auth$/common-auth-sonic/'" ])
|
||||||
else:
|
else:
|
||||||
os.system("sed -i -e '/^@include/s/common-auth-sonic$/common-auth/' /etc/pam.d/sshd")
|
self.modify_single_file('/etc/pam.d/sshd', [ "'/^@include/s/common-auth-sonic$/common-auth/'" ])
|
||||||
os.system("sed -i -e '/^@include/s/common-auth-sonic$/common-auth/' /etc/pam.d/login")
|
self.modify_single_file('/etc/pam.d/login', [ "'/^@include/s/common-auth-sonic$/common-auth/'" ])
|
||||||
|
|
||||||
# Add tacplus in nsswitch.conf if TACACS+ enable
|
# Add tacplus in nsswitch.conf if TACACS+ enable
|
||||||
if 'tacacs+' in auth['login']:
|
if 'tacacs+' in auth['login']:
|
||||||
if os.path.isfile(NSS_CONF):
|
if os.path.isfile(NSS_CONF):
|
||||||
os.system("sed -i -e '/tacplus/b' -e '/^passwd/s/compat/tacplus &/' /etc/nsswitch.conf")
|
self.modify_single_file(NSS_CONF, [ "'/tacplus/b'", "'/^passwd/s/compat/tacplus &/'"])
|
||||||
else:
|
else:
|
||||||
if os.path.isfile(NSS_CONF):
|
if os.path.isfile(NSS_CONF):
|
||||||
os.system("sed -i -e '/^passwd/s/tacplus //' /etc/nsswitch.conf")
|
self.modify_single_file(NSS_CONF, [ "'/^passwd/s/tacplus //'" ])
|
||||||
|
|
||||||
# Set tacacs+ server in nss-tacplus conf
|
# Set tacacs+ server in nss-tacplus conf
|
||||||
template_file = os.path.abspath(NSS_TACPLUS_CONF_TEMPLATE)
|
template_file = os.path.abspath(NSS_TACPLUS_CONF_TEMPLATE)
|
||||||
|
Loading…
Reference in New Issue
Block a user