propellor (0.3.0) unstable; urgency=medium

  * ipv6to4: Ensure interface is brought up automatically on boot.
  * Enabling unattended upgrades now ensures that cron is installed and
    running to perform them.
  * Properties can be scheduled to only be checked after a given time period.
  * Fix bootstrapping of dependencies.
  * Fix compilation on Debian stable.
  * Include security updates in sources.list for stable and testing.
  * Use ssh connection caching, especially when bootstrapping.
  * Properties now run in a Propellor monad, which provides access to
    attributes of the host.

# imported from the archive

1 files changed, 32 insertions, 0 deletions

diff --git a/Propellor/Property/Sudo.hs b/Propellor/Property/Sudo.hs
new file mode 100644
index 00000000..66ceb580
--- /dev/null
+++ b/Propellor/Property/Sudo.hs
@@ -0,0 +1,32 @@
+module Propellor.Property.Sudo where
+
+import Data.List
+
+import Propellor
+import Propellor.Property.File
+import qualified Propellor.Property.Apt as Apt
+import Propellor.Property.User
+
+-- | Allows a user to sudo. If the user has a password, sudo is configured
+-- to require it. If not, NOPASSWORD is enabled for the user.
+enabledFor :: UserName -> Property
+enabledFor user = Property desc go `requires` Apt.installed ["sudo"]
+  where
+	go = do
+		locked <- liftIO $ isLockedPassword user
+		ensureProperty $
+			fileProperty desc
+				(modify locked . filter (wanted locked))
+				"/etc/sudoers"
+	desc = user ++ " is sudoer"
+	sudobaseline = user ++ " ALL=(ALL:ALL)"
+	sudoline True = sudobaseline ++ " NOPASSWD:ALL"
+	sudoline False = sudobaseline ++ " ALL"
+	wanted locked l
+		-- TOOD: Full sudoers file format parse.. 
+		| not (sudobaseline `isPrefixOf` l) = True
+		| "NOPASSWD" `isInfixOf` l = locked
+		| otherwise = True
+ 	modify locked ls
+		| sudoline locked `elem` ls = ls
+		| otherwise = ls ++ [sudoline locked]