It does seem that the template provider sets the access_controls regardless of the file being updated (https://github.com/opscode/chef/blob/master/chef/lib/chef/provider/template.rb#L55). What is the specific use case for only setting securable when the template resource is updated?Personally, I would go with your gisted solution.PaulOn Oct 16, 2012, at 2:51 PM, Pete Cheslock < " target="_blank"> > wrote:Hey Everyone,Wondering how to handle a situation regarding updating perms on a template using the "rights" attribute.Assume I have a basic subscription to take action when a template changes.When using the windows "rights" attrib to set the permissions correctly - it will set them each time chef runs, which means each run my resource gets executed.It seems by design (from http://wiki.opscode.com/display/chef/Improved+Windows+File+Security)
- When you specify rights, they are considered a complete description of all explicit rights on a file: all existing explicit rights will be removed and the new ones added. (Inherited rights will remain on the file).
Given the design of windows file permissions - how could someone setup a template to set the right file permissions on windows, but only notify if the template changes - not notify when the file permissions are set. Seems like one option could be to subscribe a file resource to set the permissions when the template is created or changed - but seems unnecessary if that can be handled in the template resource.Here was the option that I was toying around with and works https://gist.github.com/a148fb82997e187333beDidn't know if there was a better way - or if the template/notification resource should not be doing what it's doing.-Pete
Archive powered by MHonArc 2.6.16.