password locking

This commit is contained in:
Joey Hess 2014-03-30 00:17:44 -04:00
parent 3121c10059
commit b5284cc23f
3 changed files with 17 additions and 0 deletions

View File

@ -24,7 +24,10 @@ getProperties "clam" =
, GitHome.installedFor "root" , GitHome.installedFor "root"
, check (Ssh.hasAuthorizedKeys "root") $ , check (Ssh.hasAuthorizedKeys "root") $
Ssh.passwordAuthentication False Ssh.passwordAuthentication False
, check (Ssh.hasAuthorizedKeys "root") $
User.lockedPassword "root"
, User.nonsystem "joey" , User.nonsystem "joey"
, User.nuked "user"
, Apt.installed ["sudo"] , Apt.installed ["sudo"]
, fileHasContent "/etc/sudoers" ["joey ALL=(ALL:ALL) ALL"] , fileHasContent "/etc/sudoers" ["joey ALL=(ALL:ALL) ALL"]
, GitHome.installedFor "joey" , GitHome.installedFor "joey"

View File

@ -17,5 +17,18 @@ nonsystem user = check (isNothing <$> homedir user) $ cmdProperty "adduser"
, Param user , Param user
] ]
{- Removes user home directory!! Use with caution. -}
nuked :: UserName -> Property
nuked user = check (isJust <$> homedir user) $ cmdProperty "userdel"
[ Param "-r"
, Param user
]
lockedPassword :: UserName -> Property
lockedPassword user = cmdProperty "passwd"
[ Param "--lock"
, Param user
]
homedir :: UserName -> IO (Maybe FilePath) homedir :: UserName -> IO (Maybe FilePath)
homedir user = catchMaybeIO $ homeDirectory <$> getUserEntryForName user homedir user = catchMaybeIO $ homeDirectory <$> getUserEntryForName user

1
TODO
View File

@ -3,3 +3,4 @@
but only once despite many config changes being made to satisfy but only once despite many config changes being made to satisfy
properties. onChange is a poor substitute. properties. onChange is a poor substitute.
* Apt upgrade does not avoid apt-listchanges and debconf prompts. * Apt upgrade does not avoid apt-listchanges and debconf prompts.
* I often seem to want to be able to combine Properties monadically.