| author | Joey Hess <joey@kitenet.net> | 2014-03-30 20:46:31 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-03-30 20:46:31 -0400 |
| commit | 1c65b86f8302cd42152e26c9d4fd24285a8e70c0 (patch) | |
| tree | df3554173dcdf92baf9c7f9ff458f6a97ee4a62b /Property | |
| parent | a920555ed1da6a8608781a80cbe0fdae6f075b03 (diff) | |
propellor spin
Diffstat (limited to 'Property')
| -rw-r--r-- | Property/Sudo.hs | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/Property/Sudo.hs b/Property/Sudo.hs
new file mode 100644
index 00000000..175f453a
--- /dev/null
+++ b/Property/Sudo.hs
@@ -0,0 +1,31 @@
+module Property.Sudo where
+
+import Data.List
+
+import Common
+import Property.File
+import qualified Property.Apt as Apt
+import Property.User
+
+{- Allows a user to sudo. If the user has a password, sudo is configured
+ - to require it. If not, NOPASSWORD is enabled for the user. -}
+enabledFor :: UserName -> Property
+enabledFor user = Property desc go `requires` Apt.installed ["sudo"]
+ where
+ go = do
+ locked <- isLockedPassword user
+ ensureProperty $
+ fileProperty desc
+ (modify locked . filter (wanted locked))
+ "/etc/sudoers"
+ desc = user ++ " is sudoer"
+ sudobaseline = user ++ " ALL=(ALL:ALL)"
+ sudoline True = sudobaseline ++ " NOPASSWD:ALL"
+ sudoline False = sudobaseline
+ wanted locked l
+ | not (sudobaseline `isPrefixOf` l) = True
+ | "NOPASSWD" `isInfixOf` l = locked
+ | otherwise = True
+ modify locked ls
+ | sudoline locked `elem` ls = ls
+ | otherwise = ls ++ [sudoline locked] |
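Review bot: `go` rewrites `/etc/sudoers` in place with no syntax check on the result, and it grants `NOPASSWD:ALL` solely because `isLockedPassword user` returned True at the time of the run. A locked password is also a common way to disable an account, so inferring passwordless root from it means every remaining way to run as that user (an SSH key, a cron job, a service under that account) becomes root without a prompt; I would make this an explicit argument chosen by the caller, or at least state it plainly in the comment on `enabledFor`. `wanted` only drops lines that begin with the exact string `user ++ " ALL=(ALL:ALL)"`, so an existing NOPASSWD grant written with different spacing or given through a group stays in effect after the user sets a password. Consider writing the entry to its own file under `/etc/sudoers.d/` and validating it with `visudo -c -f` before it is installed; `fileProperty` is defined outside this hunk, so whether it preserves the file mode or writes atomically cannot be confirmed from here. The doc comment also says NOPASSWORD where the sudoers tag is `NOPASSWD`.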
