From 53f404b7de69e8656273fcff46d5507fbce35118 Mon Sep 17 00:00:00 2001
From: Dominik Richter <dominik.richter@gmail.com>
Date: Tue, 1 Jul 2014 12:43:39 +0200
Subject: [PATCH 1/2] remove only_if conditional for user replacement

for tests we don't have to go the extra step, it doesn't matter much and removes one more check we have to maintain

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
---
 default/puppet/manifests/site.pp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/default/puppet/manifests/site.pp b/default/puppet/manifests/site.pp
index cf897d8..d252f36 100644
--- a/default/puppet/manifests/site.pp
+++ b/default/puppet/manifests/site.pp
@@ -5,8 +5,7 @@
 # but still get an impossible password - so the aim of locking
 # is still present, while SSH login is possible.
 exec { "unlock users":
-  command => "sed 's/^\\([^:]*:\\)\\!/\\1*/' -i /etc/shadow",
-  onlyif => 'test -n "$(grep "^[^:]*:\!" -o /etc/shadow)"'
+  command => "sed 's/^\\([^:]*:\\)\\!/\\1*/' -i /etc/shadow"
 }
 
 class { 'ssh_hardening': }

From c9900f99b1a7642447a595e5cefe833aac811ea9 Mon Sep 17 00:00:00 2001
From: Dominik Richter <dominik.richter@gmail.com>
Date: Tue, 1 Jul 2014 12:43:57 +0200
Subject: [PATCH 2/2] fully qualify sed command

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
---
 default/puppet/manifests/site.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/default/puppet/manifests/site.pp b/default/puppet/manifests/site.pp
index d252f36..d0643dc 100644
--- a/default/puppet/manifests/site.pp
+++ b/default/puppet/manifests/site.pp
@@ -5,7 +5,7 @@
 # but still get an impossible password - so the aim of locking
 # is still present, while SSH login is possible.
 exec { "unlock users":
-  command => "sed 's/^\\([^:]*:\\)\\!/\\1*/' -i /etc/shadow"
+  command => "/usr/bin/sed 's/^\\([^:]*:\\)\\!/\\1*/' -i /etc/shadow"
 }
 
 class { 'ssh_hardening': }