From 030f13f2d0501c9fb42c8f1efa0a15fa63c94d67 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 6 Dec 2015 14:24:44 -0400 Subject: allow using `check` on a UncheckedProperty, which yields a Property --- src/Propellor/Property/User.hs | 56 +++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 31 deletions(-) (limited to 'src/Propellor/Property/User.hs') diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs index 84d20e62..ea88a1b3 100644 --- a/src/Propellor/Property/User.hs +++ b/src/Propellor/Property/User.hs @@ -8,28 +8,26 @@ import qualified Propellor.Property.File as File data Eep = YesReallyDeleteHome accountFor :: User -> Property NoInfo -accountFor user@(User u) = check nohomedir $ - cmdProperty "adduser" +accountFor user@(User u) = check nohomedir go + `describe` ("account for " ++ u) + where + nohomedir = isNothing <$> catchMaybeIO (homedir user) + go = cmdProperty "adduser" [ "--disabled-password" , "--gecos", "" , u ] - `assume` MadeChange - `describe` ("account for " ++ u) - where - nohomedir = isNothing <$> catchMaybeIO (homedir user) -- | Removes user home directory!! Use with caution. nuked :: User -> Eep -> Property NoInfo -nuked user@(User u) _ = check hashomedir $ - cmdProperty "userdel" +nuked user@(User u) _ = check hashomedir go + `describe` ("nuked user " ++ u) + where + hashomedir = isJust <$> catchMaybeIO (homedir user) + go = cmdProperty "userdel" [ "-r" , u ] - `assume` MadeChange - `describe` ("nuked user " ++ u) - where - hashomedir = isJust <$> catchMaybeIO (homedir user) -- | Only ensures that the user has some password set. It may or may -- not be a password from the PrivData. @@ -83,13 +81,13 @@ chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuc hClose h lockedPassword :: User -> Property NoInfo -lockedPassword user@(User u) = check (not <$> isLockedPassword user) $ - cmdProperty "passwd" +lockedPassword user@(User u) = check (not <$> isLockedPassword user) go + `describe` ("locked " ++ u ++ " password") + where + go = cmdProperty "passwd" [ "--lock" , u ] - `assume` MadeChange - `describe` ("locked " ++ u ++ " password") data PasswordStatus = NoPassword | LockedPassword | HasPassword deriving (Eq) @@ -109,15 +107,14 @@ homedir :: User -> IO FilePath homedir (User user) = homeDirectory <$> getUserEntryForName user hasGroup :: User -> Group -> Property NoInfo -hasGroup (User user) (Group group') = check test $ - cmdProperty "adduser" +hasGroup (User user) (Group group') = check test go + `describe` unwords ["user", user, "in group", group'] + where + test = not . elem group' . words <$> readProcess "groups" [user] + go = cmdProperty "adduser" [ user , group' ] - `assume` MadeChange - `describe` unwords ["user", user, "in group", group'] - where - test = not . elem group' . words <$> readProcess "groups" [user] -- | Gives a user access to the secondary groups, including audio and -- video, that the OS installer normally gives a desktop user access to. @@ -150,13 +147,11 @@ hasDesktopGroups user@(User u) = property desc $ do -- | Controls whether shadow passwords are enabled or not. shadowConfig :: Bool -> Property NoInfo -shadowConfig True = check (not <$> shadowExists) $ - cmdProperty "shadowconfig" ["on"] - `assume` MadeChange +shadowConfig True = check (not <$> shadowExists) + (cmdProperty "shadowconfig" ["on"]) `describe` "shadow passwords enabled" -shadowConfig False = check shadowExists $ - cmdProperty "shadowconfig" ["off"] - `assume` MadeChange +shadowConfig False = check shadowExists + (cmdProperty "shadowconfig" ["off"]) `describe` "shadow passwords disabled" shadowExists :: IO Bool @@ -168,9 +163,8 @@ hasLoginShell :: User -> FilePath -> Property NoInfo hasLoginShell user loginshell = shellSetTo user loginshell `requires` shellEnabled loginshell shellSetTo :: User -> FilePath -> Property NoInfo -shellSetTo (User u) loginshell = check needchangeshell $ - cmdProperty "chsh" ["--shell", loginshell, u] - `assume` MadeChange +shellSetTo (User u) loginshell = check needchangeshell + (cmdProperty "chsh" ["--shell", loginshell, u]) `describe` (u ++ " has login shell " ++ loginshell) where needchangeshell = do -- cgit v1.2.3