Grant Administrators group permissions to nodes directory under chef-solotduffield/chef-5768/allow-admins-nodes-dir

Signed-off-by: Tom Duffield <tom@chef.io>
author: Tom Duffield <tom@chef.io> 2017-02-06 09:57:50 -0600
committer: Tom Duffield <tom@chef.io> 2017-02-06 09:57:50 -0600
commit: 406d7bc73740b6ae403e3fade62303a68ac8de71 (patch)
tree: 728e2b021597da2dd42f741a36e28abb384aa8af
parent: 58f73322224ecbb363468b81e9169a344ee3f5cf (diff)
download: chef-tduffield/chef-5768/allow-admins-nodes-dir.tar.gz
2 files changed, 5 insertions, 0 deletions
diff --git a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
index d4d1dad4cb..9ea9268ab1 100644
--- a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
+++ b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
@@ -113,9 +113,11 @@ class Chef
                   Dir.mkdir(path, 0700)
                   if Chef::Platform.windows?
                     all_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_ALL
+                    administrators = Chef::ReservedNames::Win32::Security::SID.Administrators
                     owner = Chef::ReservedNames::Win32::Security::SID.default_security_object_owner
                     dacl = Chef::ReservedNames::Win32::Security::ACL.create([
                       Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, all_mask),
+                      Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, all_mask),
                     ])
                     so = Chef::ReservedNames::Win32::Security::SecurableObject.new(path)
                     so.owner = owner
diff --git a/lib/chef/chef_fs/file_system/repository/nodes_dir.rb b/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
index 516d028640..a0dd0c9e51 100644
--- a/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
+++ b/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
@@ -38,10 +38,13 @@ class Chef
             if Chef::Platform.windows?
               read_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_READ
               write_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE
+              administrators = Chef::ReservedNames::Win32::Security::SID.Administrators
               owner = Chef::ReservedNames::Win32::Security::SID.default_security_object_owner
               dacl = Chef::ReservedNames::Win32::Security::ACL.create([
                 Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, read_mask),
                 Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, write_mask),
+                Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, read_mask),
+                Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, write_mask),
               ])
               so = Chef::ReservedNames::Win32::Security::SecurableObject.new(child.file_path)
               so.owner = owner
author	Tom Duffield <tom@chef.io>	2017-02-06 09:57:50 -0600
committer	Tom Duffield <tom@chef.io>	2017-02-06 09:57:50 -0600
commit	406d7bc73740b6ae403e3fade62303a68ac8de71 (patch)
tree	728e2b021597da2dd42f741a36e28abb384aa8af
parent	58f73322224ecbb363468b81e9169a344ee3f5cf (diff)
download	chef-tduffield/chef-5768/allow-admins-nodes-dir.tar.gz