From cbef4290484f42217a6f26ef04aefaaaa6998add Mon Sep 17 00:00:00 2001
From: Sean Whitton
Date: Tue, 9 Apr 2019 18:57:49 -0700
Subject: Add User.ownsWithPrimaryGroup
Signed-off-by: Sean Whitton
---
 src/Propellor/Property/User.hs | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index f6bc2c4b..2e2d2c0a 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -148,6 +148,10 @@ isLockedPassword user = (== LockedPassword) <$> getPasswordStatus user
 homedir :: User -> IO FilePath
 homedir (User user) = homeDirectory <$> getUserEntryForName user
 
+primaryGroup :: User -> IO Group
+primaryGroup (User u) = Group <$> groupName <$>
+ (getGroupEntryForID =<< (userGroupID <$> getUserEntryForName u))
+
 hasGroup :: User -> Group -> Property DebianLike
 hasGroup (User user) (Group group') = tightenTargets $ check test go
 `describe` unwords ["user", user, "in group", group']
@@ -188,6 +192,14 @@ hasDesktopGroups user@(User u) = property' desc $ \o -> do
 , "lpadmin"
 ]
 
+-- | Ensures that a file is owned by a user, and also by that user's primary
+-- group.
+ownsWithPrimaryGroup :: User -> FilePath -> Property UnixLike
+ownsWithPrimaryGroup user@(User u) f =
+ property' (f ++ " has owner " ++ u) $ \w -> do
+ group <- liftIO $ primaryGroup user
+ ensureProperty w $ File.ownerGroup f user group
+
 -- | Controls whether shadow passwords are enabled or not.
 shadowConfig :: Bool -> Property DebianLike
 shadowConfig True = tightenTargets $ check (not <$> shadowExists)
--
cgit v1.2.3
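Review bot: `primaryGroup` is added without a Haddock comment, and its signature does not show that it can fail. Assuming `getUserEntryForName` and `getGroupEntryForID` are the System.Posix.User functions, both raise an IOError when the entry is missing, so a user with no passwd entry or a primary GID with no group entry makes the lookup throw. I would add `-- | Looks up the name of a user's primary group. Throws an IOError if the user or the group entry does not exist.` above the signature. As a style point, `Group <$> groupName <$> (...)` maps twice over the same action and reads more simply as `Group . groupName <$> (...)`.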
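Review bot: The description in `ownsWithPrimaryGroup` is only `f ++ " has owner " ++ u`, so the log never shows that the group is changed as well; `property' (f ++ " owned by " ++ u ++ " and their primary group")` would match what the property enforces. The group is resolved by `primaryGroup user` when the property runs, so the Haddock comment should also say that the account must already exist at that point. `File.ownerGroup` is not visible in this hunk; if `f` can sit in a directory the user can write to, it is worth confirming that it does not change ownership through a symlink.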