summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/File.hs
diff options
context:
space:
mode:
authorJoey Hess2015-09-20 15:03:51 -0400
committerJoey Hess2015-09-20 15:03:51 -0400
commit40908a6ff603caf70a0f8653a3f6fda13e05cd37 (patch)
tree8b01c8fffa6d9307feaa6cf617c00a31af59bff4 /src/Propellor/Property/File.hs
parent174fc58787ed585e047febb206d205daa447dee1 (diff)
make sure aiccu.conf is only readable by root, even if it had a different mode to start with
Diffstat (limited to 'src/Propellor/Property/File.hs')
-rw-r--r--src/Propellor/Property/File.hs10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/Propellor/Property/File.hs b/src/Propellor/Property/File.hs
index 4563fe79..a1d3037f 100644
--- a/src/Propellor/Property/File.hs
+++ b/src/Propellor/Property/File.hs
@@ -10,7 +10,15 @@ type Line = String
-- | Replaces all the content of a file.
hasContent :: FilePath -> [Line] -> Property NoInfo
-f `hasContent` newcontent = fileProperty ("replace " ++ f)
+f `hasContent` newcontent = fileProperty
+ ("replace " ++ f)
+ (\_oldcontent -> newcontent) f
+
+-- | Replaces all the content of a file, ensuring that its modes do not
+-- allow it to be read or written by anyone other than the current user
+hasContentProtected :: FilePath -> [Line] -> Property NoInfo
+f `hasContentProtected` newcontent = fileProperty' writeFileProtected
+ ("replace " ++ f)
(\_oldcontent -> newcontent) f
-- | Ensures a file has contents that comes from PrivData.