Windows ACL module and inheritance propagation

asked 2017-04-05 04:13:07 -0500

Ricardo Gaspar

Problem: I want to ensure that permissions are correctly applied to a directory and its contents. I also want this top directory not to inherit its parent directory's permissions.

First, I copied a directory from a server share (I need it to be synced all the time with my machines).

  file { 'c:/NICETasks':
    ensure  => directory,
    recurse => true,
    purge   => true,
    source  => '//share/tasks'
  }

Then I applied the permissions to every file/dir inside the created/synced directory.

  acl { 'Tasks Permissions':
    target                     => 'c:/NICETasks',
    purge                      => true,
    permissions                => [
      { identity => 'SYSTEM', rights => ["full"], child_types => 'all', affects => 'all' },
      { identity => 'Administrators', rights => ["full"], child_types => 'all', affects => 'all' },
    ],
    owner                      => 'SYSTEM',
    inherit_parent_permissions => false,
    require                    => File['c:/NICETasks'],
  }

The thing is that it is not working as expected. It applies the correct permissions to the top-level directory (c:\Tasks) but it doesn't apply the permissions to its contents.


1 Answer


answered 2017-04-06 04:19:45 -0500

Ricardo Gaspar

I think the problem has to do with the way the file resource works. I used a PowerShell script to copy the folder and afterwards ACL worked fine.

PowerShell script sync_dirs.ps1:

  # Source share and its top-level listing (Get-ChildItem is not recursive here)
  $SourceDirPath = '//share/tasks'
  $SourceDirFiles = Get-ChildItem -Path $SourceDirPath
  $SourceDirFiles.Count

  $TargetDirPath = 'C:/NICETasks'
  # target folder exists
  if (Test-Path $TargetDirPath) {
      $TargetDirFiles = Get-ChildItem -Path $TargetDirPath
      $TargetDirFiles.Count
      # Compare the top-level listings of source and target
      $FileDiffs = Compare-Object -ReferenceObject $SourceDirFiles -DifferenceObject $TargetDirFiles

      if ($FileDiffs.SideIndicator.Length -eq 0) {
          echo 'empty - no diffs! Do nothing exiting'
          exit
      } else {
          # Any difference: remove the whole target so it is copied again below
          echo 'different trees. Deleting dir ...'
          Remove-Item $TargetDirPath -Recurse -Force
      }
  }
  # Target is missing or was just deleted: copy the full tree from the share
  echo 'copying source dir...'
  Copy-Item $SourceDirPath $TargetDirPath -Recurse

My manifest:

  exec { 'Sync NICETasks':
    command  => '\\\\share\\sync_dirs.ps1',
    provider => powershell
  }

  acl { 'NICETasks Permissions':
    target                     => 'c:/NICETasks',
    purge                      => true,
    permissions                => [
      { identity => 'SYSTEM', rights => ["full"], child_types => 'all', affects => 'all' },
      { identity => 'Administrators', rights => ["full"], child_types => 'all', affects => 'all' },
    ],
    owner                      => 'SYSTEM',
    inherit_parent_permissions => false,
    require                    => Exec['Sync NICETasks'],
  }
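One way to verify the state both posts are aiming for, as an added example that is not part of the original question or answer: the script walks the tree and reports a root that still inherits from its parent, children with inheritance disabled, and any ACE outside the two identities in the acl resource. The function name Test-TreeAcl is hypothetical, the identities are matched by their well-known SIDs (S-1-5-18 for SYSTEM, S-1-5-32-544 for Administrators), and it assumes children are expected to carry only ACEs inherited from the root.

```powershell
# Added example: audit the ACL state the acl resource is meant to produce.
# Assumptions: C:\NICETasks is the target from the post; children should hold
# only ACEs inherited from the root; Test-TreeAcl is a hypothetical name.
$ExpectedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

function Test-TreeAcl {
    param(
        [Parameter(Mandatory)] [string]   $Root,
        [Parameter(Mandatory)] [string[]] $AllowedSids
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Root first, then every file and directory below it (hidden items included).
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

    foreach ($item in $items) {
        $acl      = Get-Acl -LiteralPath $item.FullName
        $isRoot   = $item.FullName -eq $items[0].FullName
        $problems = @()

        # Root must block inheritance; a child that blocks it ignores the root's ACEs.
        if ($isRoot -and -not $acl.AreAccessRulesProtected) {
            $problems += 'root still inherits from its parent'
        }
        if (-not $isRoot -and $acl.AreAccessRulesProtected) {
            $problems += 'inheritance disabled on child'
        }
        foreach ($ace in $acl.Access) {
            # Compare by SID so localized or renamed account names do not matter.
            $sid = $ace.IdentityReference.Translate($sidType).Value
            if ($AllowedSids -notcontains $sid) {
                $problems += "unexpected ACE for $($ace.IdentityReference)"
            }
            elseif (-not $isRoot -and -not $ace.IsInherited) {
                $problems += "explicit (non-inherited) ACE for $($ace.IdentityReference)"
            }
        }
        foreach ($p in $problems) {
            [pscustomobject]@{ Path = $item.FullName; Problem = $p }
        }
    }
}

Test-TreeAcl -Root 'C:\NICETasks' -AllowedSids $ExpectedSids | Format-Table -AutoSize -Wrap
```

No output means every item matched; running it after each Puppet run shows whether the contents actually picked up the top-level permissions.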

Last updated: Apr 06