force default allow after deny first

jjackzhn · jjackzhn · commit 3d84887b882f · 2024-06-24T18:01:12.000-05:00
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -37,20 +37,13 @@
     Array[ String[1] ] $required_pkgs,
 ) {
 
-  include pam_access
+    include pam_access
 
     ### Make sure pam is installed
     ensure_packages( $required_pkgs )
 
     ### Configure access.conf
 
-    pam_access::entry { 'Default Allow':
-        user       => 'root',
-        origin     => 'LOCAL',
-        permission => '+',
-        position   => 'before',
-    }
-
     pam_access::entry { 'Default Deny':
         user       => 'ALL',
         origin     => 'ALL',
@@ -75,6 +68,13 @@
           'position'   => 'before',
         }
     )
+    -> pam_access::entry { 'Default Allow':
+        user       => 'root',
+        origin     => 'LOCAL',
+        permission => '+',
+        position   => 'before',
+    }
+
 
     ### Configure pam
     ensure_resources( 'pam', $pam_config )
