Issue #10299 has been updated by Josh Cooper. Branch set to https://github.com/puppetlabs/puppet/pull/482
Previously, on Windows 2003 and earlier, Puppet.features.root? was implemented by checking if the current user was a member of the local Administrators group. However, many accounts, e.g. LocalSystem, are implicit members of this group, so Puppet.features.root? would incorrectly return false. This led to puppet not being able to find its default configuration directory, among other things. Conversely, a process can be executing using a restricted token, so while the user may be a member of the Administrators group, the process will be running with less privileges, and Puppet.features.root? would incorrectly return true. This commit uses CheckTokenMembership to determine if the local Administrators group SID is both present and enabled in the calling thread's access token. The behavior on Vista/2008 is unchanged. The calling thread's token must be currently elevated. ---------------------------------------- Bug #10299: Puppet.features.root? doesn't return true when running under as SYSTEM on Windows https://projects.puppetlabs.com/issues/10299#change-54236 Author: Josh Cooper Status: Accepted Priority: Normal Assignee: Josh Cooper Category: windows Target version: 2.7.x Affected Puppet version: 2.7.4 Keywords: Branch: https://github.com/puppetlabs/puppet/pull/482 On Windows, the SYSTEM (aka LocalSystem) account is not a member of the local Administrators group, so Puppet.features.root? returns false, when it should return true. This results in two issues, first puppet agent can't find it's Puppet::Util::RunMode#conf_dir, which points to the location of its configuration file. Second, the agent will raise an error when attempting to set owner, group, etc. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
