Details
- Bug
- Status: Closed
- Normal
- Resolution: Fixed
- None
- Windows
- 1
- Windows 2018-05-30, Windows 2018-06-06
Description
If you grant rwx permission to a file's group:

    user { 'foo':
      ensure     => present,
      managehome => false,
      password   => 'foo1234!',
      groups     => ['Users'],
    }

    file { 'C:\foo':
      ensure => directory,
      owner  => 'foo',
      group  => 'Administrators',
      mode   => '0770',
    }

    file { 'C:\foo\foo.bat':
      ensure  => file,
      content => 'echo "hello"'
    }

The Windows provider does not map that to full control. Instead, the group receives a subset of permissions. More specifically, any file contained in the directory being managed is not executable:

    C:\> puppet apply foo.pp
    Notice: Compiled catalog for win-qp47voha2p4.solar.lan in environment production in 0.50 seconds
    Notice: /Stage[main]/Main/File[C:\foo]/ensure: created
    Notice: /Stage[main]/Main/File[C:\foo\foo.bat]/ensure: defined content as '{md5}84b8f5c3577073eac07c9e9915e5b8c9'
    Notice: Applied catalog in 0.06 seconds

    C:\> icacls c:\foo
    c:\foo WIN-QP47VOHA2P4\foo:(F)
           BUILTIN\Administrators:(RX,W,DC)
           Everyone:(Rc,S,RA)
           NT AUTHORITY\SYSTEM:(F)
           CREATOR OWNER:(CI)(IO)(F)
           CREATOR GROUP:(CI)(IO)(RX,W,DC)
           CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC)
           CREATOR GROUP:(OI)(IO)(R,W,DC)

    Successfully processed 1 files; Failed processing 0 files

    C:\> icacls C:\foo\foo.bat
    C:\foo\foo.bat BUILTIN\Administrators:(I)(R,W,D,WDAC,WO,DC)
                   WIN-QP47VOHA2P4\None:(I)(R,W,DC)

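An added example, not part of the ticket or of Puppet's code: a Python check that parses the two icacls listings above and reports which ACEs carry execute, showing that the directory's object-inherit (OI) entries pass none to files created inside it. It looks at allow ACEs one at a time and does not compute effective access; the function names are hypothetical.

```python
import re

# Output copied from the report above: `icacls c:\foo` and `icacls C:\foo\foo.bat`.
DIR_ACL = r"""c:\foo WIN-QP47VOHA2P4\foo:(F)
       BUILTIN\Administrators:(RX,W,DC)
       Everyone:(Rc,S,RA)
       NT AUTHORITY\SYSTEM:(F)
       CREATOR OWNER:(CI)(IO)(F)
       CREATOR GROUP:(CI)(IO)(RX,W,DC)
       CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC)
       CREATOR GROUP:(OI)(IO)(R,W,DC)

Successfully processed 1 files; Failed processing 0 files"""
FILE_ACL = r"""C:\foo\foo.bat BUILTIN\Administrators:(I)(R,W,D,WDAC,WO,DC)
               WIN-QP47VOHA2P4\None:(I)(R,W,DC)"""

EXECUTE_RIGHTS = {"F", "M", "RX", "X", "GE", "GA"}  # icacls rights that include execute
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}       # icacls inheritance markers
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")

def parse_icacls(output, path):
    """Return (principal, inheritance flags, rights) for each allow ACE line."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower() + " "):
            line = line[len(path):].strip()      # first line is prefixed with the path
        m = ACE_RE.match(line)
        if not m:
            continue                             # blank line or icacls summary line
        flags, rights = set(), set()
        for group in re.findall(r"\(([^)]*)\)", m["groups"]):
            tokens = {t.strip().upper() for t in group.split(",")}
            (flags if tokens <= INHERIT_FLAGS else rights).update(tokens)
        if "DENY" not in rights:                 # deny ACEs are out of scope here
            aces.append((m["who"], flags, rights))
    return aces

def lacking_execute(aces):
    """Principals whose ACE applies to the object itself (no IO) without execute."""
    return [w for w, f, r in aces if "IO" not in f and not (r & EXECUTE_RIGHTS)]

def passing_execute_to_files(dir_aces):
    """Principals whose object-inherit (OI) ACE hands execute to files created inside."""
    return [w for w, f, r in dir_aces if "OI" in f and (r & EXECUTE_RIGHTS)]

if __name__ == "__main__":
    print("files inherit execute from:", passing_execute_to_files(parse_icacls(DIR_ACL, r"c:\foo")))
    print("no execute on foo.bat:", lacking_execute(parse_icacls(FILE_ACL, r"C:\foo\foo.bat")))
```

On the listings from this report, no OI entry on `c:\foo` grants execute, and both entries on `foo.bat` lack it, while the container-inherit (CI) entries do carry `F` and `RX`.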
Issue Links
- relates to
  - PUP-5491 The "client_data" Directory Permissions Incorrect After Installation (Resolved)
  - MODULES-7177 Prepare for work on PUP-4684 (Resolved)
  - PUP-6729 NTFS permissions should be recalculated given SYSTEM is an implicit member of local Administrators (Closed)
  - PUP-8939 Administrators are not able to run puppet agent when installed as SYSTEM in some cases (Closed)
  - PUP-5480 Puppet does not apply inheritable SYSTEM permissions to directories it manages on Windows under certain circumstances (Closed)
  - PUP-266 Allow puppet to manage owner & group file settings (Redmine 18342) (Closed)