Grant Administrators group permissions to nodes directory under chef-solo (#5781)

Signed-off-by: Tom Duffield <tom@chef.io>
author: Tom Duffield <tom@chef.io> 2017-02-06 15:33:27 -0600
committer: Matt Wrock <matt@mattwrock.com> 2017-02-06 13:33:27 -0800
commit: 5b2b5e13833020f3061d4f6bd16d8d6b7df7958a (patch)
tree: 6ca2369df987f5a98a1ddbca69b871ec559d3882
parent: 4d093e55fe3a47f20a9ffe8b448765fceb25532c (diff)
download: chef-5b2b5e13833020f3061d4f6bd16d8d6b7df7958a.tar.gz
2 files changed, 5 insertions, 0 deletions
diff --git a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
index d4d1dad4cb..9ea9268ab1 100644
--- a/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
+++ b/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb
@@ -113,9 +113,11 @@ class Chef
                   Dir.mkdir(path, 0700)
                   if Chef::Platform.windows?
                     all_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_ALL
+                    administrators = Chef::ReservedNames::Win32::Security::SID.Administrators
                     owner = Chef::ReservedNames::Win32::Security::SID.default_security_object_owner
                     dacl = Chef::ReservedNames::Win32::Security::ACL.create([
                       Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, all_mask),
+                      Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, all_mask),
                     ])
                     so = Chef::ReservedNames::Win32::Security::SecurableObject.new(path)
                     so.owner = owner
diff --git a/lib/chef/chef_fs/file_system/repository/nodes_dir.rb b/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
index 516d028640..a0dd0c9e51 100644
--- a/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
+++ b/lib/chef/chef_fs/file_system/repository/nodes_dir.rb
@@ -38,10 +38,13 @@ class Chef
             if Chef::Platform.windows?
               read_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_READ
               write_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE
+              administrators = Chef::ReservedNames::Win32::Security::SID.Administrators
               owner = Chef::ReservedNames::Win32::Security::SID.default_security_object_owner
               dacl = Chef::ReservedNames::Win32::Security::ACL.create([
                 Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, read_mask),
                 Chef::ReservedNames::Win32::Security::ACE.access_allowed(owner, write_mask),
+                Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, read_mask),
+                Chef::ReservedNames::Win32::Security::ACE.access_allowed(administrators, write_mask),
               ])
               so = Chef::ReservedNames::Win32::Security::SecurableObject.new(child.file_path)
               so.owner = owner
author	Tom Duffield <tom@chef.io>	2017-02-06 15:33:27 -0600
committer	Matt Wrock <matt@mattwrock.com>	2017-02-06 13:33:27 -0800
commit	5b2b5e13833020f3061d4f6bd16d8d6b7df7958a (patch)
tree	6ca2369df987f5a98a1ddbca69b871ec559d3882
parent	4d093e55fe3a47f20a9ffe8b448765fceb25532c (diff)
download	chef-5b2b5e13833020f3061d4f6bd16d8d6b7df7958a.tar.gz