Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-1226

ACL not functional with ALL APPLICATION PACKAGES group

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Won't Fix
    • None
    • None
    • acl, supported

    Description

      E.g. https://github.com/puppetlabs/puppetlabs-acl gives an error when you try to use it with the ALL APPLICATION PACKAGES group. Your developers probably have the same bug as this guy: http://stackoverflow.com/questions/17761826/assigning-folder-permissions-to-all-application-packages-group

      file {'c:\temp':
      		 
       ensure => directory,
      		 
      }
      		 
       
      		 
      acl { 'c:\temp':
      		 
        permissions => [
      		 
         { identity => 'Administrator', rights => ['full'] },
      		 
         { identity => 'ALL APPLICATION PACKAGES', rights => ['read'] }
      		 
        ],
      		 
      }

      Output of run (TL;DR- you can see it recognizes the user but has an issue in application):

      Notice: Compiled catalog for win-e5k8tm30719 in environment production in 0.12 seconds
      		 
      Notice: /Stage[main]/Main/Acl[c:\temp]/permissions: permissions changed [
      		 
       { identity => 'WIN-E5K8TM30719\Administrator', rights => ["full"] }
      		 
      ] to [
      		 
       { identity => 'WIN-E5K8TM30719\Administrator', rights => ["full"] },
      		 
       { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights
      		 
      => ["read"] }
      		 
      ]
      		 
      Error: /Stage[main]/Main/Acl[c:\temp]: Could not evaluate: 
      Failed to set security descriptor for path 'c:\temp': 
      Failed to convert string SID: :  The parameter is incorrect.
      		 
      Notice: Finished catalog run in 0.27 seconds

      With debug, trace and verbose output on:

      Info: Applying configuration version '1406221744'
      		 
      Notice: /Stage[main]/Main/Acl[c:\temp]/permissions: permissions changed [
      		 
       { identity => 'WIN-E5K8TM30719\Administrator', rights => ["full"] }
      		 
      ] to [
      		 
       { identity => 'WIN-E5K8TM30719\Administrator', rights => ["full"] },
      		 
       { identity => 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES', rights
      		 
      => ["read"] }
      		 
      ]
      		 
      Error: /Stage[main]/Main/Acl[c:\temp]: Could not evaluate: Failed to set securit
      		 
      y descriptor for path 'c:\temp': Failed to convert string SID: :  The parameter
      		 
      is incorrect.
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/sid.rb:
      		 
      97:in `string_to_sid_ptr'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:392:in `add_access_allowed_ace'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:608:in `block (6 levels) in set_security_descriptor'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/access_
      		 
      control_list.rb:28:in `block in each'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/access_
      		 
      control_list.rb:28:in `each'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/access_
      		 
      control_list.rb:28:in `each'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:604:in `block (5 levels) in set_security_descriptor'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/sid.rb:
      		 
      101:in `string_to_sid_ptr'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:603:in `block (4 levels) in set_security_descriptor'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/sid.rb:
      		 
      101:in `string_to_sid_ptr'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:602:in `block (3 levels) in set_security_descriptor'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:490:in `open_file'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:601:in `block (2 levels) in set_security_descriptor'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:499:in `with_privilege'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:600:in `block in set_security_descriptor'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:499:in `with_privilege'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/securit
      		 
      y.rb:599:in `set_security_descriptor'
      		 
      C:/ProgramData/PuppetLabs/puppet/etc/modules/acl/lib/puppet/provider/acl/windows
      		 
      /base.rb:413:in `set_security_descriptor'
      		 
      C:/ProgramData/PuppetLabs/puppet/etc/modules/acl/lib/puppet/provider/acl/windows
      		 
      .rb:195:in `flush'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/type.rb:977:in `flus
      		 
      h'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/transaction/resource
      		 
      _harness.rb:24:in `evaluate'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/transaction.rb:174:i
      		 
      n `apply'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/transaction.rb:187:i
      		 
      n `eval_resource'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/transaction.rb:117:i
      		 
      n `call'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/transaction.rb:117:i
      		 
      n `block (2 levels) in evaluate'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util.rb:327:in `bloc
      		 
      k in thinmark'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/sys/ruby/lib/ruby/1.9.1/benchmark.rb:2
      		 
      95:in `realtime'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util.rb:326:in `thin
      		 
      mark'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/transaction.rb:117:i
      		 
      n `block in evaluate'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/graph/relationship_g
      		 
      raph.rb:118:in `traverse'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/transaction.rb:108:i
      		 
      n `evaluate'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/resource/catalog.rb:
      		 
      167:in `block in apply'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/log.rb:149:in `
      		 
      with_destination'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/transaction/report.r
      		 
      b:112:in `as_logging_destination'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/resource/catalog.rb:
      		 
      166:in `apply'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/configurer.rb:117:in
      		 
       `block in apply_catalog'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util.rb:161:in `bloc
      		 
      k in benchmark'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/sys/ruby/lib/ruby/1.9.1/benchmark.rb:2
      		 
      95:in `realtime'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util.rb:160:in `benc
      		 
      hmark'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/configurer.rb:116:in
      		 
       `apply_catalog'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/configurer.rb:191:in
      		 
       `run'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application/apply.rb
      		 
      :288:in `apply_catalog'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application/apply.rb
      		 
      :228:in `block in main'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/context.rb:64:in `ov
      		 
      erride'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet.rb:234:in `override'
      		 
       
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application/apply.rb
      		 
      :190:in `main'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application/apply.rb
      		 
      :151:in `run_command'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:371:i
      		 
      n `block (2 levels) in run'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:477:i
      		 
      n `plugin_hook'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:371:i
      		 
      n `block in run'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util.rb:479:in `exit
      		 
      _on_fail'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:371:i
      		 
      n `run'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/command_line.rb
      		 
      :137:in `run'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/command_line.rb
      		 
      :91:in `execute'
      		 
      C:/Program Files (x86)/Puppet Labs/Puppet/puppet/bin/puppet:4:in `<main>'
      		 
      Debug: Finishing transaction 35803152
      		 
      Debug: Storing state
      		 
      Debug: Stored state in 0.00 seconds
      		 
      Notice: Finished catalog run in 0.28 seconds

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. PUP-2985 Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MODULES-9215 ACL: Cannot update ACL if there is an existing unmanaged ACE for ALL RESTRICTED APPLICATION PACKAGES

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MODULES-5152 ACL: ALL APPLICATION PACKAGES causes issues with puppetlabs-acl module

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. PUP-1284 win32-security gem doesn't handle 'Authenticated Users' correctly

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed
          links to

          Web Link Win32-Security #6

          Activity

            People

              Unassigned Unassigned
              ryan Ryan Coleman
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support