HomePhorge
Diffusion puppet b635451dd8d2

(#11563) Only rewrite the DACL if the mode changes
b635451dd8d2Unpublished
Actions

Unpublished Commit ยท Learn More

Repository Importing: This repository is still importing.

Description

(#11563) Only rewrite the DACL if the mode changes

Previously, the owner, group, mode getter and setter methods each managed their
part of the security descriptor. This lead to similar, but slightly different
methods, such as GetSecurityInfo being invoked once to get the owner, and
another time to get the dacl.

This commits adds methods for getting and setting the security descriptor,
and updates the owner/group/mode methods to call it. This eliminated duplicate
logic many places, e.g. change_sid, get_sid, set_acl, get_dacl, get_dacl_ptr,
get_security_info, and set_security_info.

This commit also means that if you change the owner and/or group, but not mode,
then the security descriptor will not be marked as protected, and the DACL
will not be rewritten. In other words, puppet won't mess up your file
permissions.

Only if you choose to manage the mode will puppet mark the SD as protected and
rewrite the DACL based on the security descriptors owner/group and specified
mode.

Details

Provenance
Josh Cooper <josh@puppetlabs.com>Authored on
vanmeeuwenPushed on Jun 2 2015, 2:22 PM
Parents
rPU7d83f5e37fe4: (#11563) Refactor DACL parsing
Branches
Unknown
Tags
Unknown

Event Timeline

Josh Cooper <josh@puppetlabs.com> committed rPUb635451dd8d2: (#11563) Only rewrite the DACL if the mode changes (authored by Josh Cooper <josh@puppetlabs.com>).Nov 26 2013, 6:32 PM

Changes (3)

PathSize
lib/
puppet/
util/
windows/
spec/
integration/
type/
util/
windows/

rPUb635451dd8d2

View Options

lib/puppet/util/windows/security.rb

Loading...
View Options

spec/integration/type/file_spec.rb

Loading...
View Options

spec/integration/util/windows/security_spec.rb

Loading...