Well . . . It doesn't give me anything else helpful. Out of 142KB of log,
this seems relevant:
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["mask_specific"], mask =>
'2032063', affects => 'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["write", "read", "execute"
], affects => 'self_only' },
{ identity => 'Everyone', rights => ["read", "execute"], affects =>
'self_only' }
] to [
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'BUILTIN\Administrators', rights => ["full"], affects =>
'self_only' },
{ identity => 'BUILTIN\Users', rights => ["read", "execute"], affects =>
'self_only' },
{ identity => 'Everyone', rights => ["read", "execute"], affects =>
'self_only' }
] [0m
[1;31mError: /Stage[main]/Yum/Acl[chocolatey.config]: Could not evaluate:
The parameter is incorrect. - ReportEvent
The { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
repeats several hundred times that I didn't bother to paste here.
I am going to test with your simpler version to see if it makes a
difference...
On Friday, September 25, 2015 at 3:12:42 AM UTC-4, Rob Reynolds wrote:
>
>
>
> On Thu, Sep 24, 2015 at 7:25 AM, jmp242 <[email protected] <javascript:>>
> wrote:
>
>> So per my previous post, I'm now trying to replace the file POSIX
>> permissions with ACLs. I'm apparently missing something though. I want to
>> replicate what I had before in the new supported method, i.e.:
>>
>> owner => 'SYSTEM',
>> group => 'Administrators',
>> mode => '0775',
>>
>>
>> So I tried doing:
>> acl { 'chocolatey.config':
>> target =>
>> 'C:/ProgramData/chocolatey/config/chocolatey.config',
>> purge => false,
>> permissions => [
>> {
>> identity => 'SYSTEM',
>> rights => [
>> 'full'],
>> perm_type => 'allow',
>> child_types => 'all',
>> affects => 'all'
>> }
>> ,
>> {
>> identity => 'Administrators',
>> rights => [
>> 'full'],
>> perm_type => 'allow',
>> child_types => 'all',
>> affects => 'all'
>> }
>> ,
>> {
>> identity => 'Users',
>> rights => [
>> 'read',
>> 'execute'],
>> perm_type => 'allow',
>> child_types => 'all',
>> affects => 'all'
>> }
>> ],
>> owner => 'SYSTEM', # Creator_Owner specific, doesn't
>> manage unless specified
>> group => 'Administrators', # Creator_Group specific,
>> doesn't manage unless specified
>> inherit_parent_permissions => true,
>> require => File['chocolatey.config'],
>> }
>>
>>
>> As I understand the documentation, this seems to map, mind you - being
>> far more verbose and complicated - to the original permissions.
>>
>
> Sure, it's a LOT more verbose if you add all of the defaults in. Leaving
> out the defaults and considering that acl already does autorequires on a
> file with the same path (we'll leave the requires in), this looks a lot
> better:
>
> acl { 'c:/ProgramData/chocolatey/config/chocolatey.config':
> permissions => [
> { identity => 'SYSTEM', rights => ['full']},
> { identity => 'Administrators', rights => ['full']},
> { identity => 'Users', rights => ['read', 'execute']},
> require => File['chocolatey.config'],
> }
>
>
>
>
>> However, I get errors:
>> Could not evaluate: The parameter is incorrect. - ReportEvent
>>
>> This doesn't really help me figure out what I did wrong here...
>>
>
>
> Not really sure what caused this. Might be good to see this with a
> `--debug --trace --verbose` run to see what may be causing the issue.
>
>
>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/a49f14bc-6804-4ba8-a033-752a6da2a9cb%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/a49f14bc-6804-4ba8-a033-752a6da2a9cb%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Rob Reynolds
> Developer, Puppet Labs
>
> *PuppetConf 2015 <http://2015.puppetconf.com/>** is right around the
> corner! Join us October 5-9 in Portland, OR. **Register now
> <https://puppetconf2015.eventbrite.com/>**.*
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/90939a2f-119e-431b-9c6d-557c3a4021b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
