[chef] Re: Chef-client as unprivileged Windows user


Chronological Thread 
  • From: Daniel DeLeo < >
  • To:
  • Subject: [chef] Re: Chef-client as unprivileged Windows user
  • Date: Thu, 10 Oct 2013 07:29:59 -0700


On Thursday, October 10, 2013 at 1:16 AM, Daniel Oliver wrote:

Hi list,

 

I’m sorry if this question has been asked before, but I can’t find in my archives.  I am testing our migration from Chef 10 to 11, and things have been ok the server and system side.  Unfortunately, I’ve hit a road-block when it comes to unprivileged Windows users.

Running chef as an unprivileged user on windows is known to have a lot of problems. Is it an absolute requirement to run as an unprivileged user?
 

 

We use Chef to perform various configuration tasks in each of our user profiles, such as dropping per-user configuration files into the correct location at login and periodically thereafter using a scheduled task.  Unfortunately, I have been unable to make Chef 11.6 deploy even the simplest template to a user’s profile; I just keep file security permission errors.  I have tried varying absolute/relative paths, Windows/Unix style directories and combinations of Windows/Unix permission options, all with no success.

 

I do see a 0-byte file appear, for which the current user is the owner having full control, and I am able to change permissions using Explorer.

 

I’ve looked through mv_windows.rb, and I understand why the permissions handling has been implemented as it has realise that this may well introduce some scenarios I need to work around.  However, what I don’t understand is why it isn’t working in this situation?  My user is able to manipulate the file permissions in Explorer with no privilege escalation, and the location I am trying to write to is not subject to redirection by the Virtual Store.  Chef is also creating a 0-byte file with the current user as the owner and explicit full control.

 

If anyone can shed some light on this problem, I would really appreciate your input.

What's the exact error?
 

 

Thanks,

Dan.



-- 
Daniel DeLeo




Archive powered by MHonArc 2.6.16.

§