Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds:
>
> tl;dr: Windows manages permissions in a way that doesn't always translate
> well to mode. We're putting together a solution for this. Jump in the
> discussion.
>
>
> I wanted to get this conversation started. We've put a lot of thought into
> how the model should look and focused on ease of use up to more advanced
> scenarios.
>
> However I don't feel that what we have is complete. If you are familiar
> with Windows, we'd love to get your feedback. If you are not familiar with
> Windows, we'd still love to get your feedback.
>
> A couple of notes to start it off:
>
> 1. This is currently planned to be a module on the forge.
>
>
>
2. We have some changes to make to core puppet to better enable handing
> windows permissions (changes around how mode is applied on Windows now when
> not explicitly specified).
>
IMHO it should be possible to leave out mode (especially when ones declare
an acl instead) - and puppet should NOT care about mode (as in shouldn't
try to set it as it does not, and breaks windows permissions).
> 3. We tried to map somewhat close to the way Windows ACLs/DACLs/ACEs work.
>
> 4. We've also attempted to leave room for future expansion or application
> on POSIX systems. Note: this is not a primary goal, so unless there is a
> design consideration on the model, it's probably not something we will
> approach with this current effort.
>
>
acl should most definetely be applicable for any unix filesystem mounted
with ACL support :)
> The format could look something like the following:
>
> acl { 'c:/windows/temp/tempfile.txt':
> ensure => present,
> permissions => {
> 'Administrators' => ['full']
> 'bob' => ['mwrx'],
> 'SomeDomain\Lisa' => [x10000000,'allow','inherit','one_level'],
> 'S-5-1-18' => ['wrx','deny','inherit_objects_only','inherit_only']
> },
> }
>
> acl { 'c:/windows/temp/locked_dir':
> ensure => exact,
>
>
That one throws me.. ensure exact? I would expect 'exact' to be the same as
'present' (which in thise case is kinda odd wording- but so is exact.. who
would want puppet to "almost" ensure something?
>
> permissions => {
> 'Administrators' => ['full']
> },
> }
>
> Before you have an opportunity to look at the proposal and comment on
> specifics, how self-documenting is the above model? What would you add or
> remove?
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
