From 9a7a6c1557f3d9839db42c82b82ed8aad1653bde Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Mon, 14 Dec 2015 11:31:25 +0100 Subject: User: add systemAccountFor and simpleSystemAccount properties (cherry picked from commit 4075a38db0fad4ef6e0c99e13c40ad9e0d54ec8b) --- src/Propellor/Property/User.hs | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs index ea88a1b3..aef9ee57 100644 --- a/src/Propellor/Property/User.hs +++ b/src/Propellor/Property/User.hs @@ -18,6 +18,30 @@ accountFor user@(User u) = check nohomedir go , u ] +simpleSystemAccount :: User -> Property NoInfo +simpleSystemAccount u = systemAccountFor u Nothing (Just (Group "nogroup")) + +systemAccountFor :: User -> Maybe FilePath -> Maybe Group -> Property NoInfo +systemAccountFor (User u) mhome mgroup = check nouser go + `describe` ("system account for " ++ u) + where + nouser = isNothing <$> catchMaybeIO (getUserEntryForName u) + go = cmdProperty "adduser" $ + [ "--system" ] + ++ + "--home" : maybe + ["/nonexistent", "--no-create-home"] + ( \h -> [ h ] ) + mhome + ++ + maybe [] ( \(Group g) -> ["--ingroup", g] ) mgroup + ++ + [ "--shell", "/usr/bin/nologin" + , "--disabled-login" + , "--disabled-password" + , u + ] + -- | Removes user home directory!! Use with caution. nuked :: User -> Eep -> Property NoInfo nuked user@(User u) _ = check hashomedir go @@ -131,7 +155,7 @@ hasDesktopGroups user@(User u) = property desc $ do desc = "user " ++ u ++ " is in standard desktop groups" -- This list comes from user-setup's debconf -- template named "passwd/user-default-groups" - desktopgroups = + desktopgroups = [ "audio" , "cdrom" , "dip" -- cgit v1.2.3 From 402b6b4a0b78142cb3cdc566b91b3a6fd1fe091b Mon Sep 17 00:00:00 2001 From: Félix Sipma Date: Mon, 14 Dec 2015 19:13:20 +0100 Subject: User: systemAccountFor and systemAccountFor' (cherry picked from commit f56f9696a998d32d6d5c4eca29b28ee60def2db0) --- src/Propellor/Property/User.hs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs index aef9ee57..c9c91a77 100644 --- a/src/Propellor/Property/User.hs +++ b/src/Propellor/Property/User.hs @@ -18,11 +18,11 @@ accountFor user@(User u) = check nohomedir go , u ] -simpleSystemAccount :: User -> Property NoInfo -simpleSystemAccount u = systemAccountFor u Nothing (Just (Group "nogroup")) +systemAccountFor :: User -> Property NoInfo +systemAccountFor user@(User u) = systemAccountFor' user Nothing (Just (Group u)) -systemAccountFor :: User -> Maybe FilePath -> Maybe Group -> Property NoInfo -systemAccountFor (User u) mhome mgroup = check nouser go +systemAccountFor' :: User -> Maybe FilePath -> Maybe Group -> Property NoInfo +systemAccountFor' (User u) mhome mgroup = check nouser go `describe` ("system account for " ++ u) where nouser = isNothing <$> catchMaybeIO (getUserEntryForName u) -- cgit v1.2.3 From b67c39f990ef0ccf465280e0ecdcbff85b94857c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 14 Dec 2015 14:54:51 -0400 Subject: changelog --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1f3706f5..d7f29c31 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ propellor (2.15.1) UNRELEASED; urgency=medium * Added git configs propellor.spin-branch and propellor.forbid-dirty-spin. Thanks, Sean Whitton. + * Added User.systemAccountFor and User.systemAccountFor' properties. + Thanks, Félix Sipma. -- Joey Hess Tue, 08 Dec 2015 11:59:43 -0400 -- cgit v1.2.3