2014-03-31 03:37:54 +00:00
|
|
|
module Propellor.Property.Sudo where
|
2014-03-31 00:46:31 +00:00
|
|
|
|
|
|
|
|
import Data.List
|
|
|
|
|
|
2014-03-31 03:55:59 +00:00
|
|
|
import Propellor
|
2014-03-31 03:37:54 +00:00
|
|
|
import Propellor.Property.File
|
|
|
|
|
import qualified Propellor.Property.Apt as Apt
|
|
|
|
|
import Propellor.Property.User
|
2014-03-31 00:46:31 +00:00
|
|
|
|
2014-04-03 06:27:17 +00:00
|
|
|
-- | Allows a user to sudo. If the user has a password, sudo is configured
|
|
|
|
|
-- to require it. If not, NOPASSWORD is enabled for the user.
|
2014-03-31 00:46:31 +00:00
|
|
|
enabledFor :: UserName -> Property
|
|
|
|
|
enabledFor user = Property desc go `requires` Apt.installed ["sudo"]
|
|
|
|
|
where
|
|
|
|
|
go = do
|
|
|
|
|
locked <- isLockedPassword user
|
|
|
|
|
ensureProperty $
|
|
|
|
|
fileProperty desc
|
|
|
|
|
(modify locked . filter (wanted locked))
|
|
|
|
|
"/etc/sudoers"
|
|
|
|
|
desc = user ++ " is sudoer"
|
|
|
|
|
sudobaseline = user ++ " ALL=(ALL:ALL)"
|
|
|
|
|
sudoline True = sudobaseline ++ " NOPASSWD:ALL"
|
2014-03-31 00:49:26 +00:00
|
|
|
sudoline False = sudobaseline ++ " ALL"
|
2014-03-31 00:46:31 +00:00
|
|
|
wanted locked l
|
2014-04-03 06:27:17 +00:00
|
|
|
-- TOOD: Full sudoers file format parse..
|
2014-03-31 00:46:31 +00:00
|
|
|
| not (sudobaseline `isPrefixOf` l) = True
|
|
|
|
|
| "NOPASSWD" `isInfixOf` l = locked
|
|
|
|
|
| otherwise = True
|
|
|
|
|
modify locked ls
|
|
|
|
|
| sudoline locked `elem` ls = ls
|
|
|
|
|
| otherwise = ls ++ [sudoline locked]
|
