summaryrefslogtreecommitdiff
path: root/RELEASE_NOTES.md
diff options
context:
space:
mode:
authorBryan McLellan <btm@loftninjas.org>2017-02-09 07:43:03 -0500
committerBryan McLellan <btm@loftninjas.org>2017-02-09 07:58:51 -0500
commit00c0a84f7a9c50007898470d849769c32d39de11 (patch)
treee00c70788507d54fde59eedeff44a93c50a65cb6 /RELEASE_NOTES.md
parent8188bf35ad65b8c87804181d74fb554278722783 (diff)
downloadchef-00c0a84f7a9c50007898470d849769c32d39de11.tar.gz
Be more specific about using the alternate user feature
The caveat with the alternate user feature is specific to running as a service, so we should be more specific about that. Signed-off-by: Bryan McLellan <btm@loftninjas.org>
Diffstat (limited to 'RELEASE_NOTES.md')
-rw-r--r--RELEASE_NOTES.md6
1 files changed, 3 insertions, 3 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 32ce78e2ad..bdf3dd0bf4 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -11,11 +11,11 @@ _This file holds "in progress" release notes for the current release under devel
### Windows alternate user identity execute support
-The `execute` resource and simliar resources such as `script`, `batch`, and `powershell_script`now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials.
+The `execute` resource and simliar resources such as `script`, `batch`, and `powershell_script` now support the specification of credentials on Windows so that the resulting process is created with the security identity that corresponds to those credentials.
-**Note**: For this feature the user that Chef runs as needs the 'SE_ASSIGNPRIMARYTOKEN_NAME' or 'SeAssignPrimaryTokenPrivilege' user right, when running as a service. By default the user has only LocalSystem and NetworkService rights.
+**Note**: When Chef is running as a service, this feature requires that the user that Chef runs as has 'SeAssignPrimaryTokenPrivilege' (aka 'SE_ASSIGNPRIMARYTOKEN_NAME') user right. By default only LocalSystem and NetworkService have this right when running as a service. This is necessary even if the user is an Administrator.
-This is how the right can be added for a user in the recipe:
+This right bacn be added and checked in a recipe using this example:
```ruby
# Add 'SeAssignPrimaryTokenPrivilege' for the user
Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege')