diff options
author | Tom Duffield <tom@chef.io> | 2017-02-06 09:57:50 -0600 |
---|---|---|
committer | Tom Duffield <tom@chef.io> | 2017-02-06 09:57:50 -0600 |
commit | 406d7bc73740b6ae403e3fade62303a68ac8de71 (patch) | |
tree | 728e2b021597da2dd42f741a36e28abb384aa8af | |
parent | 58f73322224ecbb363468b81e9169a344ee3f5cf (diff) | |
download | chef-tduffield/chef-5768/allow-admins-nodes-dir.tar.gz |
Grant Administrators group permissions to nodes directory under chef-solotduffield/chef-5768/allow-admins-nodes-dir
Signed-off-by: Tom Duffield <tom@chef.io>
-rw-r--r-- | lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb | 2 | ||||
-rw-r--r-- | lib/chef/chef_fs/file_system/repository/nodes_dir.rb | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb index d4d1dad4cb..9ea9268ab1 100644 --- a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +++ b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb @@ -113,9 +113,11 @@ class Chef Dir.mkdir(path, 0700) if Chef::Platform.windows? all_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_ALL + administrators = Chef::ReservedNames::Win32::Security::SID.Administrators owner = Chef::ReservedNames::Win32::Security::SID.default_security_object_owner dacl = Chef::ReservedNames::Win32::Security::ACL.create([ Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, all_mask), + Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, all_mask), ]) so = Chef::ReservedNames::Win32::Security::SecurableObject.new(path) so.owner = owner diff --git a/lib/chef/chef_fs/file_system/repository/nodes_dir.rb b/lib/chef/chef_fs/file_system/repository/nodes_dir.rb index 516d028640..a0dd0c9e51 100644 --- a/lib/chef/chef_fs/file_system/repository/nodes_dir.rb +++ b/lib/chef/chef_fs/file_system/repository/nodes_dir.rb @@ -38,10 +38,13 @@ class Chef if Chef::Platform.windows? read_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_READ write_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE + administrators = Chef::ReservedNames::Win32::Security::SID.Administrators owner = Chef::ReservedNames::Win32::Security::SID.default_security_object_owner dacl = Chef::ReservedNames::Win32::Security::ACL.create([ Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, read_mask), Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, write_mask), + Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, read_mask), + Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, write_mask), ]) so = Chef::ReservedNames::Win32::Security::SecurableObject.new(child.file_path) so.owner = owner |