Issue #22051 has been updated by Dustin Mitchell.
Apparently what I can tell is incorrect --
Puppet::Util::Windows::Security#get_mode can return different bits for group
and user. The problematic code seems to be

    # if owner and group the same, then user and group modes are the OR of both
    if owner_sid == group_sid
      mode |= ((mode & S_IRWXG) << 3) | ((mode & S_IRWXU) >> 3)
      #puts "owner: #{group_sid}, 0x#{ace[:mask].to_s(16)}, #{mode.to_s(8)}"
    end

which is of course dependent on the details of the ACL of the file in question.
The type's `property_matches?` method would need to actually look at the file
to see that its owner_sid == group_sid, and then only compare bits 0b111000111.
That seems out of scope for a type (rather than a provider).
The workaround we've come up with at Mozilla is to define a filemode(..) puppet
function which copies the user bits to the group (e.g., 0644 becomes 0664).
Other suggestions on how to improve this situation, other than almost always
defining different mode bits for the same file on POSIX and Windows?
----------------------------------------
Bug #22051: Windows mode bits are not handled symmetrically
https://projects.puppetlabs.com/issues/22051#change-96181
* Author: Dustin Mitchell
* Status: Unreviewed
* Priority: Normal
* Assignee:
* Category:
* Target version:
* Affected Puppet version:
* Keywords:
* Branch:
----------------------------------------
As far as I can tell, Windows mode bits are read as CCE, where C is the
creator/owner perms, and E is the everyone perms. So a file that's rwx for
creator/owner but with no perms for anyone else would appear to puppet as 770.
If you have permissions bits with different user and group triplets, Puppet
resets the permissions on every run.
For example,

    file {
      'c:/foo.txt':
        mode => 0644;
    }

will change the mode from 0664 to 0644 on every run.
It seems like some folding of bits in the provider could work around this
pretty easily.
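
The fold discussed in this thread, as an added Ruby example that is not part of the original messages and not Puppet's own code. `fold_same_sid` reproduces the quoted expression; `reported_mode`, `filemode` and `mode_matches?` are hypothetical helpers, and the read-back is simulated rather than taken from a real Windows ACL.

```ruby
# Added example. Constant names follow the quoted snippet; values are the POSIX ones.
S_IRWXU = 0o700
S_IRWXG = 0o070

# The expression from the quoted snippet: when owner and group are the same
# SID, the user and group triplets each become the OR of both.
def fold_same_sid(mode)
  mode | ((mode & S_IRWXG) << 3) | ((mode & S_IRWXU) >> 3)
end

# Hypothetical stand-in for reading a mode back; no real ACL is consulted.
def reported_mode(applied, owner_is_group)
  owner_is_group ? fold_same_sid(applied) : applied
end

# Hypothetical version of the filemode(..) workaround described in the update:
# copy the user bits into the group triplet (0644 becomes 0664).
def filemode(mode)
  (mode & ~S_IRWXG) | ((mode & S_IRWXU) >> 3)
end

# Hypothetical comparison that folds the desired mode the same way the
# read-back does, so a file whose owner is also its group compares equal.
def mode_matches?(desired, current, owner_is_group)
  wanted = owner_is_group ? fold_same_sid(desired) : desired
  wanted == current
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample modes, not taken from a real system.
  [0o644, 0o700, 0o664, 0o770].each do |desired|
    seen = reported_mode(desired, true)
    naive = desired == seen ? "in sync" : "reset every run"
    folded = mode_matches?(desired, seen, true) ? "in sync" : "reset every run"
    puts format("desired %04o reads back %04o  naive: %-15s folded: %s",
                desired, seen, naive, folded)
  end
  puts format("filemode(0644) = %04o", filemode(0o644))
end
```

Modes whose user and group triplets already agree, such as the output of `filemode`, are fixed points of the fold, which is why the workaround stops the repeated change.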