Modifying the a specific string using sed in a file

Question

I have a file called /etc/pam.d/system-auth and the current content is like this.

[root@localhost ~]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha256 shadow nullok try_first_pass use_au                                                                                        thtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet                                                                                         use_uid
session     required      pam_unix.so
[root@localhost ~]#

I need to modify this line password requisite pam_cracklib.so try_first_pass retry=3 type= with this string password requisite pam_cracklib.so try_first_pass retry=3 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 lcredit=-1.

I used the following sed command, But it did gave me the substituted string.

[root@localhost ~]# sed 's/\(\(password\(\s+)requisite\(\s+\)pam_cracklib.so\(.*?\)\) type=\)/\2 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 lcredit=-1/' /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha256 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
[root@localhost ~]#

I'm not able to understand where I am going wrong?

Answer 1

Avoid using / in sed, instead use ; so it will be much cleaner,with -E

sed -E 's;(pam_cracklib.so\s+try_first_pass\s+)(retry=3\s+)type=;\1\2 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 lcredit=-1;g'

Answer 2

Use this sed:

sed 's/\(\(password\(\s\+\)requisite\(\s\+\)pam_cracklib.so\(.*\?\)\) type=\)/\2 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 lcredit=-1/' file

Two problems in your sed:

• + and ? - You have escape it to get extended regEx behavior
• \s - Missed in password\(\) grouping

Clear version of sed:

sed 's/^\(\(password\s\+requisite\s\+pam_cracklib.so.*\) type=\)/\2 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 lcredit=-1/'

If your sed supports -E option,

sed -E 's/^(password\s+requisite\s+pam_cracklib.so.*)( type=)/\1 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 lcredit=-1/'

Answer 3

Your regex was completely wrong, for example the \(\) between two words here is nonsense: password\(\)requisite

The regex was also overcomplicated for what it needs to do. For example you only need one group, from password until before type=, no need for all those small groups in between.

Lastly, it's a minor thing, but probably you want to anchor password with ^ to leave alone (don't modify) similar lines that might be commented out in the file.

Corrected and simplified:

sed 's/^\(password\s\+requisite\s\+pam_cracklib.so.\+\) type=/\1 minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 lcredit=-1/'