[chef] Clarification on Windows Rights


Chronological Thread 
  • From: David Petzel < >
  • To:
  • Subject: [chef] Clarification on Windows Rights
  • Date: Thu, 28 Feb 2013 21:05:10 -0500

Ohai,
I was hoping someone might be able to clarify something for me on Windows rights: http://wiki.opscode.com/display/chef/Improved+Windows+File+Security

When you specify rights, they are considered a complete description of all explicit rights on a file: all existing explicit rights will be removed and the new ones added. (Inherited rights will remain on the file).

Initially I had read this is as "if the existing permissions don't match, they will all be blown away and replaced with what you defined", however my testing is showing it doesn't care if the specified rights are identical to what is in place (IE on chef run #2). Instead the permissions are reset every single run. This was also discussed here: http://lists.opscode.com/sympa/arc/chef/2012-10/msg00215.html

So could someone clarify if resetting permissions even when they don't need changing is indeed the "intended" behavior? If so how are folks achieving idempotent behavior on  template resources that are leverage windows rights? The post in the other thread which uses the file resource wrapper could possibly work (I have not tested yet), but obviously not declaring each template I need via two resources would be preferred.

This is running chef-client 10.12, and I'm ideally I'm looking for a solution that works on that version as a wholesale upgrade is a little of scope of this particular use case.

Thanks


  • [chef] Clarification on Windows Rights, David Petzel, 02/28/2013

Archive powered by MHonArc 2.6.16.

§