From 36ee54ed2feb8adf4d8a9b072617b512cb9a7bed Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 20 Aug 2018 16:36:00 -0400 Subject: Added Sudo.sudoersDFile property. This commit was sponsored by Ewen McNeill on Patreon. --- debian/changelog | 1 + src/Propellor/Property/Sudo.hs | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/debian/changelog b/debian/changelog index eff0efd3..f0b8db04 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,7 @@ propellor (5.5.0) UNRELEASED; urgency=medium guesses can lead to ugly surprises. (API change) * Added Systemd.escapePath helper function useful when creating mount units. + * Added Sudo.sudoersDFile property. -- Joey Hess Thu, 09 Aug 2018 10:54:41 -0400 diff --git a/src/Propellor/Property/Sudo.hs b/src/Propellor/Property/Sudo.hs index ad955a7a..c2f0ac4e 100644 --- a/src/Propellor/Property/Sudo.hs +++ b/src/Propellor/Property/Sudo.hs @@ -41,3 +41,15 @@ enabledFor user@(User u) = setup `requires` Apt.installed ["sudo"] cleanup modify locked ls | sudoline locked `elem` ls = ls | otherwise = ls ++ [sudoline locked] + +-- | Sets up a file in /etc/sudoers.d/, which /etc/sudoers includes, +-- with the specified content. +-- +-- The FilePath can be relative to that directory. +sudoersDFile :: FilePath -> [Line] -> RevertableProperty DebianLike Linux +sudoersDFile dfile content = setup `requires` Apt.installed ["sudo"] cleanup + where + f = "/etc/sudoers.d" dfile + -- sudoers.d files should not be world readable + setup = hasContentProtected f content + cleanup = tightenTargets $ notPresent f -- cgit v1.2.3