Do you have any code on github? Perhaps we can collaborate. I am doing a bit of windows type and provider development currently (mostly learning how ;) I have a pendinga windows clustering provider, and a windows ad dns provider in the works. I have also wrote a chocolatey provider that we are now officially using on 100s of servers.
On Monday, January 28, 2013 5:01:10 PM UTC-5, [email protected] wrote: > Hi Josh, > > First of all thanks for the quick reply. > > The main priorities to make Puppet usable on Windows for us would be: > > 1> Control complete state of the DACL for grant (we don't use deny). > 2> Control inheritance on DACL (at the same time as being able to control > other DACL grant entries for that object). > 3> Control inheritance on SACL (we only set this at a higher level). > 4> Set user account on Service. > > It would also be good to have the following (although don't think it would > be a showstopper for adoption): > 5> Control ACL on local SMB shares. > 6> Control ACL on registry. > > And finally the nice to haves: > 7> (Nice to have) Set DACL on parent directory but inherit permissions on > all children when using source param with multiple levels of hierarchy. > 8> (Nice to have) Set DACL on parent directory but inherit permissions on > all children when using recurse param. > > Off the top of my head (not fully worked out all our requirements with the > devs yet) I don't think we control access to any other types of windows > object (e.g. service) > > I did start having a dig in the Puppet code for the file type and all of > the building blocks are already there. I'm not sure how much effort it > would be to write an ntfsfile class but I have started having a play with > writing my own (in my spare time) but I've never written Ruby before so a > reasonable learning curve (not least just to understand the mass of file > and windows provider Puppet code let alone Ruby!). The permission setting > methods are all there (e.g. set_acl and get_acl from security.rb including > the protected parameter that i couldn't see a way of setting anywhere). My > plan was to replace the mode param on file.rb with a dacl param that could > take some form of friendly dacl description. The get_mode and set_mode > methods could then be changed to translate between friendly dacl and real > dacl rather than POSIX mode and dacl. > > The friendly DACL would use something like the following to describe each > ACE: > ntfsfile { 'myfile.txt' : > require => file, > dacl => [ > ['user1', grant, [FULL_CONTROL]], > ['user2', grant, [FILE_READ]], > ['group1', grant, [FILE_READ, FILE_WRITE, > CHANGE_PERMISSIONS]], > ['user3', deny, [FILE_READ, FILE_WRITE, FILE_EXECUTE]] > ], > inheritparent => false, > source => 'puppet://modules/something/file.txt', > } > > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
