module Property.Sudo where
import Data.List
import Common
import Property.File
import qualified Property.Apt as Apt
import Property.User
{- Allows a user to sudo. If the user has a password, sudo is configured
 - to require it. If not, NOPASSWD is enabled for the user. -}
enabledFor :: UserName -> Property
enabledFor user = Property summary apply `requires` Apt.installed ["sudo"]
  where
    summary = user ++ " is sudoer"

    -- Left-hand part shared by both rule variants. Only lines starting with
    -- exactly this text are treated as "ours"; rules for the same user written
    -- with a different host/runas spec or spacing are left untouched.
    -- NOTE(review): the user name is concatenated in unescaped. Presumably
    -- UserName is a plain string; confirm callers only pass valid account
    -- names, since a newline or sudoers metacharacter would alter the rule.
    rulePrefix = user ++ " ALL=(ALL:ALL)"

    -- NOTE(review): /etc/sudoers is rewritten with no syntax check visible in
    -- this block (e.g. `visudo -c`), and the file's mode/ownership handling
    -- depends on fileProperty; confirm both, as sudo rejects a malformed or
    -- wrongly-permissioned sudoers file.
    apply = isLockedPassword user >>= \pwLocked ->
        ensureProperty $
            fileProperty summary
                (ensureRule pwLocked . filter (keepLine pwLocked))
                "/etc/sudoers"

    -- A locked password gets the NOPASSWD form: the account can then become
    -- root without any further authentication, so its login path (ssh keys
    -- etc.) is the only barrier.
    ruleFor pwLocked
        | pwLocked = rulePrefix ++ " NOPASSWD:ALL"
        | otherwise = rulePrefix ++ " ALL"

    -- Drop this user's NOPASSWD rules unless the password is locked; every
    -- other line is kept. The password-requiring rule is never removed.
    keepLine pwLocked line =
        not (rulePrefix `isPrefixOf` line)
            || not ("NOPASSWD" `isInfixOf` line)
            || pwLocked

    -- Append the wanted rule only when an identical line is not already there.
    ensureRule pwLocked existing
        | ruleFor pwLocked `elem` existing = existing
        | otherwise = existing ++ [ruleFor pwLocked]