add USER:HAS-GROUPS

Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>

2 files changed, 13 insertions, 0 deletions

diff --git a/src/package.lisp b/src/package.lisp
index 9658041..2d9143a 100644
--- a/src/package.lisp
+++ b/src/package.lisp
@@ -362,6 +362,7 @@
   (:use #:cl #:consfigurator)
   (:local-nicknames (#:file  #:consfigurator.property.file))
   (:export #:has-account
+           #:has-groups
 	   #:has-login-shell
            #:has-enabled-password
 	   #:passwd-entry))
diff --git a/src/property/user.lisp b/src/property/user.lisp
index c129c74..9f7f13b 100644
--- a/src/property/user.lisp
+++ b/src/property/user.lisp
@@ -29,6 +29,18 @@ Note that this uses getent(1) and so is not strictly POSIX-compatible."
    (assert-euid-root)
    (mrun "useradd" "-m" username)))
 
+(defprop has-groups :posix
+    (username &rest groups &aux (groups* (format nil "~{~A~^,~}" groups)))
+  "Ensure that USERNAME is a member of secondary groups GROUPS."
+  (:desc (format nil "~A in group~P ~A" username (length groups) groups*))
+  (:check
+   (declare (ignore groups*))
+   (subsetp groups (cddr (split-string (stripln (run "groups" username))))
+            :test #'string=))
+  (:apply
+   (assert-euid-root)
+   (mrun "usermod" "-a" "-G" groups* username)))
+
 (defprop has-login-shell :posix (username shell)
   "Ensures that USERNAME has login shell SHELL.
 Note that this uses getent(1) and so is not strictly POSIX-compatible."