Issue #8662 has been updated by Josh Cooper. Status changed from Accepted to Merged - Pending Release Assignee set to Josh Cooper % Done changed from 0 to 100
On Windows, Puppet.features.root? and Puppet::Util::SUIDManager.root? will return true if the current user's process token is running with elevated privileges, and false otherwise. This check may fail because the platform doesn't support UAC, e.g. Windows 2003, in which case, it will return true if the user is a member of the builtin administrators group, and false otherwise. Note that due to UAC it is possible for Puppet.features.root? to return false even though you are an administrator. In other words, by default processes created by the administrator run with the restricted token, and you must explicitly run puppet with elevated privileges such as: <pre> runas /user:administrator "puppet apply manifest.pp" </pre> Whether or not we are "root" on Windows controls the following puppet behaviors: * The directory that we store puppet configuration * Whether we can chown/chgrp files Note that chown/chgrp is not currently supported, but will be when we add support for windows file provider. This change was merged into 2.7.x as commit:630ec36089e2224fba99b76d76eaf904af13e4d6 ---------------------------------------- Bug #8662: Puppet.features.root? always returns true on Windows https://projects.puppetlabs.com/issues/8662 Author: Josh Cooper Status: Merged - Pending Release Priority: Normal Assignee: Josh Cooper Category: windows Target version: 2.7.x Affected Puppet version: Keywords: Branch: On Windows, Puppet.features.root? always returns true, even when running as a non-admin user. It should only return true if we are running with elevated privileges. Part of the problem is that Puppet.features.root, invokes SUIDManager.root?, which calls Process.uid, without first requiring the win32/process gem. And without it, Process.uid always returns 0. We also need to investigate what code paths occur when root? is true or false, and make sure they make sense on Windows. For example, the file provider will attempt to set the owner and group of files that it manages when running as root, but the capability to obtain and set owner/group info is not implemented yet on Windows. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
