1

I'm trying to manage OpenSSH's authorized_keys using cfengine.

It's easy to add/delete special lines in authorized_keys, but I cannot figure out how to delete unwanted lines.

e.g. I need to add pubkey_one, pubkey_two, pubkey_three to authorized_keys, then delete any lines not listed above.

Any help or hint would be appreciated :-)

yegle

1 Answer

2

For this particular case, I think the easiest would be to use edit_defaults => empty, so that CFEngine starts from an empty file. Something like this:

files:
  "/home/user/.ssh/authorized_keys"
    edit_defaults => empty,
    edit_line => add_authorized_keys;

Note that body edit_defaults empty is defined in cfengine_stdlib.cf, so you need to include it in your inputs.

Diego Zamboni
  • You are right. For my particular case, emptying the file first is a good solution. But what if I want to get notified that there are unwanted lines, instead of just deleting unwanted lines? – yegle May 20 '12 at 03:59
  • You could add an "action" attribute to the files: promise, for example something like `action => log_repaired("/some/file", "Had to repair authorized_keys")`. See https://github.com/cfengine/copbl/blob/master/cfengine_stdlib.cf#L717 for log_repaired. – Diego Zamboni May 21 '12 at 15:37
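
A complete policy built around the files: promise from the answer, as an added example that is not part of the original answer or of CFEngine's own code. The bundle name `manage_authorized_keys`, the `keys` list, the owner and group `user`, the mode and the body of `add_authorized_keys` are assumptions, and the key strings are constructed placeholders; `empty` and `mog` are the bodies from cfengine_stdlib.cf.

```cfengine3
body common control
{
  # cfengine_stdlib.cf provides "body edit_defaults empty" and "body perms mog"
  inputs         => { "cfengine_stdlib.cf" };
  bundlesequence => { "manage_authorized_keys" };
}

bundle agent manage_authorized_keys
{
  vars:
    # Constructed placeholder keys: replace with the real public key lines.
    # This list is the complete set of keys allowed to log in as the user.
    "keys" slist => {
      "ssh-rsa PLACEHOLDER_KEY_MATERIAL_ONE pubkey_one",
      "ssh-rsa PLACEHOLDER_KEY_MATERIAL_TWO pubkey_two",
      "ssh-rsa PLACEHOLDER_KEY_MATERIAL_THREE pubkey_three"
    };

  files:
    "/home/user/.ssh/authorized_keys"
      create        => "true",
      # Assumed owner/group; sshd expects the file not to be writable by others
      perms         => mog("600", "user", "user"),
      # Start from an empty file, so any line not in the list is dropped
      edit_defaults => empty,
      edit_line     => add_authorized_keys(@(manage_authorized_keys.keys));
}

bundle edit_line add_authorized_keys(keys)
{
  insert_lines:
    # Iterates over the list parameter, inserting one line per key
    "$(keys)";
}
```

Because the file is rebuilt from the list on every run, a key added by hand to authorized_keys does not survive the next agent run.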