-rw-r--r--src/Propellor/Property/Aiccu.hs2
-rw-r--r--src/Propellor/Property/File.hs10
2 files changed, 10 insertions, 2 deletions
diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs
index 16d48832..519b8ce9 100644
--- a/src/Propellor/Property/Aiccu.hs
+++ b/src/Propellor/Property/Aiccu.hs
@@ -46,5 +46,5 @@ hasConfig t u = prop `onChange` reloaded
property "aiccu configured" . writeConfig
writeConfig :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result
writeConfig getpassword = getpassword $ ensureProperty . go
- go (Password _, p) = confPath `File.hasContent` config u t p
+ go (Password _, p) = confPath `File.hasContentProtected` config u t p
go (f, _) = error $ "Unexpected type of privdata: " ++ show f
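Review bot: Switching `go` to `File.hasContentProtected` may not tighten the mode of an aiccu config that an earlier run already wrote through `File.hasContent`. The body of `fileProperty'` is not in this diff, but if it only calls `writeFileProtected` when the content differs, hosts with unchanged content would keep the old, possibly world-readable file holding the tunnel password; the same question applies to the `hasContentProtected` definition in File.hs. I would either assert the mode of `confPath` unconditionally alongside this property, or record the limitation above `go` with `-- NOTE: modes are applied only when the file is rewritten; pre-existing files may keep looser permissions`. The password on already-deployed hosts is worth treating as potentially exposed to local users. The enclosing `hasConfig` starts outside the hunk.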
diff --git a/src/Propellor/Property/File.hs b/src/Propellor/Property/File.hs
index 4563fe79..a1d3037f 100644
--- a/src/Propellor/Property/File.hs
+++ b/src/Propellor/Property/File.hs
@@ -10,7 +10,15 @@ type Line = String
-- | Replaces all the content of a file.
hasContent :: FilePath -> [Line] -> Property NoInfo
-f `hasContent` newcontent = fileProperty ("replace " ++ f)
+f `hasContent` newcontent = fileProperty
+ ("replace " ++ f)
+ (\_oldcontent -> newcontent) f
+
+-- | Replaces all the content of a file, ensuring that its modes do not
+-- allow it to be read or written by anyone other than the current user
+hasContentProtected :: FilePath -> [Line] -> Property NoInfo
+f `hasContentProtected` newcontent = fileProperty' writeFileProtected
+ ("replace " ++ f)
(\_oldcontent -> newcontent) f
-- | Ensures a file has contents that comes from PrivData.
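Review bot: The Haddock comments leave the security contract of the two properties implicit: `hasContent` gives no hint that it is unsuitable for secrets, and the new comment on `hasContentProtected` speaks of "the current user" without saying which user that is when propellor runs. I would extend the first to `-- | Replaces all the content of a file. For content holding secrets, use 'hasContentProtected'.` and reword the second to name the user the propellor process runs as. The new comment also lacks its closing full stop.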