authorJoey Hess2017-07-10 14:29:51 -0400
committerJoey Hess2017-07-10 14:29:51 -0400
commit280ac6ff667302c85a5fccb3902a858bde6ecde7 (patch)
treed9b381f1f397ef832032a35f461b28f933bc6a93 /src/Propellor
parent8f983b3da19bf1009d4aa3c9a2aed282dde2f4e7 (diff)
parent7013d3b4cd2f572bed15532042c0ebb8d44d4da0 (diff)
Merge remote-tracking branch 'felix/system-group'
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/Property/User.hs25
1 files changed, 18 insertions, 7 deletions
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index ce2611bc..0b5bdddc 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -22,17 +22,18 @@ systemAccountFor :: User -> Property DebianLike
systemAccountFor user@(User u) = systemAccountFor' user Nothing (Just (Group u))
systemAccountFor' :: User -> Maybe FilePath -> Maybe Group -> Property DebianLike
-systemAccountFor' (User u) mhome mgroup = tightenTargets $ check nouser go
+systemAccountFor' (User u) mhome mgroup = case mgroup of
+ Nothing -> prop
+ Just g -> prop
+ `requires` systemGroup g
`describe` ("system account for " ++ u)
where
+ prop = tightenTargets $ check nouser go
nouser = isNothing <$> catchMaybeIO (getUserEntryForName u)
go = cmdProperty "adduser" $
- [ "--system" ]
+ [ "--system", "--home" ]
++
- "--home" : maybe
- ["/nonexistent", "--no-create-home"]
- ( \h -> [ h ] )
- mhome
+ maybe ["/nonexistent", "--no-create-home"] ( \h -> [h] ) mhome
++
maybe [] ( \(Group g) -> ["--ingroup", g] ) mgroup
++
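Review bot: `check nouser go` in `prop` only tests whether an account named `u` exists, so on a host where that name is already taken the property is satisfied without confirming that the account is a system account, has the requested home, or belongs to `g`; the new `requires systemGroup g` creates the group, but an existing user is never added to it. If that is intended, a Haddock comment on `systemAccountFor'` should say so, for example `-- | Ensures the account exists; an existing account of that name is left unchanged (home and group are not verified).` Separately, indentation is not preserved in this view, so it is worth confirming that the `describe` line applies to the `Nothing` alternative as well as to `Just g`; attaching it to `prop` in the `where` clause would remove the doubt. The `adduser` argument list continues past the end of this hunk.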
@@ -42,6 +43,16 @@ systemAccountFor' (User u) mhome mgroup = tightenTargets $ check nouser go
, u
]
+systemGroup :: Group -> Property UnixLike
+systemGroup (Group g) = check nogroup go
+ `describe` ("system account for " ++ g)
+ where
+ nogroup = isNothing <$> catchMaybeIO (getGroupEntryForName g)
+ go = cmdProperty "addgroup"
+ [ "--system"
+ , g
+ ]
+
-- | Removes user home directory!! Use with caution.
nuked :: User -> Eep -> Property Linux
nuked user@(User u) _ = tightenTargets $ check hashomedir go
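Review bot: The description of `systemGroup` is `"system account for " ++ g`, apparently copied from the user property, so run output and logs will report a group creation as an account; `("system group " ++ g)` would be accurate. The signature also promises `Property UnixLike` while the action runs `addgroup --system`, which looks like the Debian adduser tooling; `systemAccountFor'` above is `Property DebianLike`, and narrowing this property the same way with `tightenTargets` would keep it from type-checking for hosts where that command may not exist. As with the account property, `check nogroup` accepts any existing group named `g` without confirming that it is a system group. The context lines for `nuked` continue outside the hunk.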
@@ -111,7 +122,7 @@ chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuc
hClose h
lockedPassword :: User -> Property DebianLike
-lockedPassword user@(User u) = tightenTargets $
+lockedPassword user@(User u) = tightenTargets $
check (not <$> isLockedPassword user) go
`describe` ("locked " ++ u ++ " password")
where