summaryrefslogtreecommitdiff
path: root/Propellor/Property/Sudo.hs
diff options
context:
space:
mode:
authorJoey Hess2014-03-30 23:37:54 -0400
committerJoey Hess2014-03-30 23:37:54 -0400
commit380c1b0fd6c25dec3c924b82f1d721aa91a001da (patch)
tree7d5b73309b73f13ac2be3f911318fe6a126264ff /Propellor/Property/Sudo.hs
parent02a7bf5f0e2de1d0dea71781ed0c1ae3a50e6425 (diff)
prepare for hackage
Diffstat (limited to 'Propellor/Property/Sudo.hs')
-rw-r--r--Propellor/Property/Sudo.hs34
1 files changed, 34 insertions, 0 deletions
diff --git a/Propellor/Property/Sudo.hs b/Propellor/Property/Sudo.hs
new file mode 100644
index 00000000..05484411
--- /dev/null
+++ b/Propellor/Property/Sudo.hs
@@ -0,0 +1,34 @@
+module Propellor.Property.Sudo where
+
+import Data.List
+
+import Propellor.Common
+import Propellor.Property.File
+import qualified Propellor.Property.Apt as Apt
+import Propellor.Property.User
+
+{- | Allows a user to sudo. If the user has a password, sudo is configured
+ - to require it. If not, NOPASSWORD is enabled for the user.
+ -
+ - TOOD: Full sudoers file format parse..
+ -}
+enabledFor :: UserName -> Property
+enabledFor user = Property desc go `requires` Apt.installed ["sudo"]
+ where
+ go = do
+ locked <- isLockedPassword user
+ ensureProperty $
+ fileProperty desc
+ (modify locked . filter (wanted locked))
+ "/etc/sudoers"
+ desc = user ++ " is sudoer"
+ sudobaseline = user ++ " ALL=(ALL:ALL)"
+ sudoline True = sudobaseline ++ " NOPASSWD:ALL"
+ sudoline False = sudobaseline ++ " ALL"
+ wanted locked l
+ | not (sudobaseline `isPrefixOf` l) = True
+ | "NOPASSWD" `isInfixOf` l = locked
+ | otherwise = True
+ modify locked ls
+ | sudoline locked `elem` ls = ls
+ | otherwise = ls ++ [sudoline locked]