-rw-r--r--debian/changelog1
-rw-r--r--src/Propellor/Property/Sudo.hs12
2 files changed, 13 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index eff0efd3..f0b8db04 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ propellor (5.5.0) UNRELEASED; urgency=medium
guesses can lead to ugly surprises. (API change)
* Added Systemd.escapePath helper function useful when creating mount
units.
+ * Added Sudo.sudoersDFile property.
-- Joey Hess <id@joeyh.name> Thu, 09 Aug 2018 10:54:41 -0400
diff --git a/src/Propellor/Property/Sudo.hs b/src/Propellor/Property/Sudo.hs
index ad955a7a..c2f0ac4e 100644
--- a/src/Propellor/Property/Sudo.hs
+++ b/src/Propellor/Property/Sudo.hs
@@ -41,3 +41,15 @@ enabledFor user@(User u) = setup `requires` Apt.installed ["sudo"] <!> cleanup
modify locked ls
| sudoline locked `elem` ls = ls
| otherwise = ls ++ [sudoline locked]
+
+-- | Sets up a file in /etc/sudoers.d/, which /etc/sudoers includes,
+-- with the specified content.
+--
+-- The FilePath can be relative to that directory.
+sudoersDFile :: FilePath -> [Line] -> RevertableProperty DebianLike Linux
+sudoersDFile dfile content = setup `requires` Apt.installed ["sudo"] <!> cleanup
+ where
+ f = "/etc/sudoers.d" </> dfile
+ -- sudoers.d files should not be world readable
+ setup = hasContentProtected f content
+ cleanup = tightenTargets $ notPresent f
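Review bot: `sudoersDFile` hands `content` straight to `hasContentProtected`, and nothing in the hunk checks that it parses as sudoers syntax, so a typo in a caller's lines may leave sudo refusing to run on the host, depending on the sudo version. Consider validating a temporary copy with `visudo -c -f` before the file is put in place, or at least say in the Haddock that the content is not checked. The doc comment should also carry the naming caveat, e.g. `-- Note: sudo skips files in this directory whose name contains a '.' or ends in '~'.`, since such a file would be written but silently ignored. Separately, `"/etc/sudoers.d" </> dfile` returns `dfile` unchanged when it is absolute, so the file can land outside the directory. If that is intended, "can be relative" would be clearer if it described both cases.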