From b5284cc23fc7ce49a3f75762d6387c28dbb174eb Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 30 Mar 2014 00:17:44 -0400 Subject: password locking --- HostProp.hs | 3 +++ Property/User.hs | 13 +++++++++++++ TODO | 1 + 3 files changed, 17 insertions(+) diff --git a/HostProp.hs b/HostProp.hs index 821fe9ef..e0ed8f2a 100644 --- a/HostProp.hs +++ b/HostProp.hs @@ -24,7 +24,10 @@ getProperties "clam" = , GitHome.installedFor "root" , check (Ssh.hasAuthorizedKeys "root") $ Ssh.passwordAuthentication False + , check (Ssh.hasAuthorizedKeys "root") $ + User.lockedPassword "root" , User.nonsystem "joey" + , User.nuked "user" , Apt.installed ["sudo"] , fileHasContent "/etc/sudoers" ["joey ALL=(ALL:ALL) ALL"] , GitHome.installedFor "joey" diff --git a/Property/User.hs b/Property/User.hs index 3ab5f570..47d6fb5b 100644 --- a/Property/User.hs +++ b/Property/User.hs @@ -17,5 +17,18 @@ nonsystem user = check (isNothing <$> homedir user) $ cmdProperty "adduser" , Param user ] +{- Removes user home directory!! Use with caution. -} +nuked :: UserName -> Property +nuked user = check (isJust <$> homedir user) $ cmdProperty "userdel" + [ Param "-r" + , Param user + ] + +lockedPassword :: UserName -> Property +lockedPassword user = cmdProperty "passwd" + [ Param "--lock" + , Param user + ] + homedir :: UserName -> IO (Maybe FilePath) homedir user = catchMaybeIO $ homeDirectory <$> getUserEntryForName user diff --git a/TODO b/TODO index 02283f0b..39621d32 100644 --- a/TODO +++ b/TODO @@ -3,3 +3,4 @@ but only once despite many config changes being made to satisfy properties. onChange is a poor substitute. * Apt upgrade does not avoid apt-listchanges and debconf prompts. +* I often seem to want to be able to combine Properties monadically. -- cgit v1.2.3