authorTom Duffield <tom@chef.io>2017-02-06 15:33:27 -0600
committerMatt Wrock <matt@mattwrock.com>2017-02-06 13:33:27 -0800
commit5b2b5e13833020f3061d4f6bd16d8d6b7df7958a (patch)
tree6ca2369df987f5a98a1ddbca69b871ec559d3882
parent4d093e55fe3a47f20a9ffe8b448765fceb25532c (diff)
Grant Administrators group permissions to nodes directory under chef-solo (#5781)
Signed-off-by: Tom Duffield <tom@chef.io>
-rw-r--r--lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb2
-rw-r--r--lib/chef/chef_fs/file_system/repository/nodes_dir.rb3
2 files changed, 5 insertions, 0 deletions
diff --git a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
index d4d1dad4cb..9ea9268ab1 100644
--- a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
+++ b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
@@ -113,9 +113,11 @@ class Chef
Dir.mkdir(path, 0700)
if Chef::Platform.windows?
all_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_ALL
+ administrators = Chef::ReservedNames::Win32::Security::SID.Administrators
owner = Chef::ReservedNames::Win32::Security::SID.default_security_object_owner
dacl = Chef::ReservedNames::Win32::Security::ACL.create([
Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, all_mask),
+ Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, all_mask),
])
so = Chef::ReservedNames::Win32::Security::SecurableObject.new(path)
so.owner = owner
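Review bot: The added `administrators` ACE gives GENERIC_ALL to a whole group on a directory that the non-Windows path keeps owner-only (`Dir.mkdir(path, 0700)`), and nothing in the hunk records why the Windows DACL is wider. A comment above the `administrators = ...` line would help the next reader, for example `# Administrators get full control so a run under a different elevated account can still manage this directory; no other principal is listed.`, adjusted to whatever the real motivation in #5781 was. The diffstat lists only the two lib files, so no spec pins the DACL to exactly the owner and Administrators entries; an assertion on the ACE list would catch a later accidental widening. The enclosing method starts and ends outside the hunk, so how the DACL is applied to `so` (and whether inherited ACEs are blocked) cannot be confirmed from here.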
diff --git a/lib/chef/chef_fs/file_system/repository/nodes_dir.rb b/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
index 516d028640..a0dd0c9e51 100644
--- a/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
+++ b/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
@@ -38,10 +38,13 @@ class Chef
if Chef::Platform.windows?
read_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_READ
write_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE
+ administrators = Chef::ReservedNames::Win32::Security::SID.Administrators
owner = Chef::ReservedNames::Win32::Security::SID.default_security_object_owner
dacl = Chef::ReservedNames::Win32::Security::ACL.create([
Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, read_mask),
Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, write_mask),
+ Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, read_mask),
+ Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, write_mask),
])
so = Chef::ReservedNames::Win32::Security::SecurableObject.new(child.file_path)
so.owner = owner
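Review bot: The ACL list now carries four entries where two would do, because each principal gets a separate ACE for `read_mask` and for `write_mask`. Since the access masks are bit flags, the entries can be merged: `rw_mask = read_mask | write_mask` followed by one `ACE.access_allowed(owner, rw_mask)` and one `ACE.access_allowed(administrators, rw_mask)`. If `default_security_object_owner` can itself resolve to the Administrators group (this likely depends on the token and local policy), the list would hold duplicate entries for the same SID; that is harmless but worth a `uniq`-style guard or a comment. The same `administrators` lookup and ACE construction is repeated in chef_repository_file_system_root_dir.rb, so a small shared helper would keep the two DACLs from drifting apart. The enclosing block continues past the end of the hunk.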