summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/Property/User.hs26
2 files changed, 27 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 1f3706f5..d7f29c31 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ propellor (2.15.1) UNRELEASED; urgency=medium
* Added git configs propellor.spin-branch and propellor.forbid-dirty-spin.
Thanks, Sean Whitton.
+ * Added User.systemAccountFor and User.systemAccountFor' properties.
+ Thanks, FĂ©lix Sipma.
-- Joey Hess <id@joeyh.name> Tue, 08 Dec 2015 11:59:43 -0400
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index ea88a1b3..c9c91a77 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -18,6 +18,30 @@ accountFor user@(User u) = check nohomedir go
, u
]
+systemAccountFor :: User -> Property NoInfo
+systemAccountFor user@(User u) = systemAccountFor' user Nothing (Just (Group u))
+
+systemAccountFor' :: User -> Maybe FilePath -> Maybe Group -> Property NoInfo
+systemAccountFor' (User u) mhome mgroup = check nouser go
+ `describe` ("system account for " ++ u)
+ where
+ nouser = isNothing <$> catchMaybeIO (getUserEntryForName u)
+ go = cmdProperty "adduser" $
+ [ "--system" ]
+ ++
+ "--home" : maybe
+ ["/nonexistent", "--no-create-home"]
+ ( \h -> [ h ] )
+ mhome
+ ++
+ maybe [] ( \(Group g) -> ["--ingroup", g] ) mgroup
+ ++
+ [ "--shell", "/usr/bin/nologin"
+ , "--disabled-login"
+ , "--disabled-password"
+ , u
+ ]
+
-- | Removes user home directory!! Use with caution.
nuked :: User -> Eep -> Property NoInfo
nuked user@(User u) _ = check hashomedir go
@@ -131,7 +155,7 @@ hasDesktopGroups user@(User u) = property desc $ do
desc = "user " ++ u ++ " is in standard desktop groups"
-- This list comes from user-setup's debconf
-- template named "passwd/user-default-groups"
- desktopgroups =
+ desktopgroups =
[ "audio"
, "cdrom"
, "dip"