propellor/src/Propellor/Property/Sudo.hs

module Propellor.Property.Sudo where
import Data.List
import Propellor
import Propellor.Property.File
import qualified Propellor.Property.Apt as Apt
import Propellor.Property.User
-- | Lets a user run any command through sudo by maintaining one line for
-- that user in @\/etc\/sudoers@. The @sudo@ package is required first.
--
-- If the user has a password, sudo is configured to require it. If the
-- password is locked (as reported by 'isLockedPassword'), the @NOPASSWD@
-- tag is enabled for the user instead.
--
-- Points to keep in mind when reviewing a host that uses this property:
--
-- * A @NOPASSWD:ALL@ entry means any process running as this user can
--   become root with no further authentication, so the account's other
--   login paths are the only barrier.
--
-- * The user name is concatenated into the sudoers line as-is; nothing
--   here escapes or validates it, so it has to come from trusted
--   configuration.
--
-- * No syntax check of the edited file (for example @visudo -c@) is
--   visible in this property. NOTE(review): confirm whether
--   'fileProperty' or a caller validates the result, since a malformed
--   sudoers file disables sudo.
--
-- * Only @\/etc\/sudoers@ itself is examined; entries for the same user
--   elsewhere are not considered.
enabledFor :: UserName -> Property
enabledFor user = property desc go `requires` Apt.installed ["sudo"]
  where
    desc = user ++ " is sudoer"

    -- Look up the password state at run time, then rewrite the file's
    -- lines: drop entries that no longer apply, then make sure the
    -- wanted entry is present.
    go = do
        pwLocked <- liftIO $ isLockedPassword user
        let rewrite = ensureEntry pwLocked . filter (keepLine pwLocked)
        ensureProperty $ fileProperty desc rewrite "/etc/sudoers"

    -- Text shared by both forms of this user's entry.
    entryPrefix = user ++ " ALL=(ALL:ALL)"

    -- The entry wanted for the given password state.
    entryFor pwLocked
        | pwLocked = entryPrefix ++ " NOPASSWD:ALL"
        | otherwise = entryPrefix ++ " ALL"

    -- TODO: Full sudoers file format parse..
    -- Matching is purely textual: only lines that start with exactly
    -- 'entryPrefix' are recognised as this user's entries, so an entry
    -- written with different spacing or a different runas spec is left
    -- untouched. Of the recognised lines, those mentioning NOPASSWD
    -- survive only while the password is locked; every other line is kept.
    keepLine pwLocked line =
        pwLocked
            || not (entryPrefix `isPrefixOf` line && "NOPASSWD" `isInfixOf` line)

    -- Append the wanted entry unless an identical line already exists.
    ensureEntry pwLocked contents =
        if wantedEntry `elem` contents
            then contents
            else contents ++ [wantedEntry]
      where
        wantedEntry = entryFor pwLocked