Jira (PUP-2985) Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group
Title: Message Title Ethan Brown commented on PUP-2985 Re: Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group Now that PUP-5538 is merged and some of the underlying code has been rewritten... I revisited this on Windows 2012R2. The SID S-1-15-2-1 is the well-known SID for ALL APPLICATION PACKAGES, so we can perform a lookup that way: Puppet::Util::Windows::SID.name_to_sid_object('S-1-15-2-1') The results are correct as: irb(main):003:0> Puppet::Util::Windows::SID.name_to_sid_object('S-1-15-2-1') => # @account="ALL APPLICATION PACKAGES", @sid_bytes=[1, 2, 0, 0, 0, 0, 0, 15, 2, 0, 0, 0, 1, 0, 0, 0], @sid="S-1-15-2-1", @domain="APPLICATION PACKAGE AUTHORITY", @domain_account="APPLICATION PACKAGE AUTHORITY\\ALL
Jira (PUP-2985) Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group
Title: Message Title Rob Reynolds moved an issue Puppet / PUP-2985 Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group Change By: Rob Reynolds Component/s: acl Component/s: Client Workflow: Forge Platform Workflow Key: MODULES PUP - 1233 2985 Project: ForgeModules Puppet Add Comment This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group,
Jira (PUP-2985) Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group
Title: Message Title Rob Reynolds updated an issue Puppet / PUP-2985 Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group Change By: Rob Reynolds Affects Version/s: 3.6.2 Add Comment This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2985) Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group
Title: Message Title Rob Reynolds updated an issue Puppet / PUP-2985 Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group Change By: Rob Reynolds Labels: puppetlabs-acl windows Add Comment This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2985) Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group
Title: Message Title Rob Reynolds updated an issue Puppet / PUP-2985 Win32-Security does not work with fully qualified ALL APPLICATION PACKAGES group Change By: Rob Reynolds E.g.https://github.com/puppetlabs/puppetlabs-aclgivesanerrorwhenyoutrytouseitwiththeALLAPPLICATIONPACKAGESgroup.Yourdevelopersprobablyhavethesamebugasthisguy:http://stackoverflow.com/questions/17761826/assigning-folder-permissions-to-all-application-packages-group {noformat} file{'c PSC :\ temp':ensure= code\puppetlabs\puppet directory,}acl{'c ruby-rwin32/security-eputsWin32 : \temp' : Security::S permissions=[{identity= ID.new( ' Administrator',rights=['full']},{identity=' ALLAPPLICATIONPACKAGES' ,rights=['read']}],}{noformat}Outputofrun(TL;DR-youcanseeitrecognizestheuserbuthasanissueinapplication ) : {noformat}Notice:Compiledcatalogforwin S - e5k8tm30719inenvironmentproductionin0.12seconds 1-15-2-1 Notice PSC : /Stage[main]/Main/Acl[c: \ temp]/permissions:permissionschanged[{identity='WIN-E5K8TM30719 code \ Administrator',rights=[full]}]to[{identity='WIN-E5K8TM30719 puppetlabs \ Administrator',rights= puppet [full]},{identity='APPLICATIONPACKAGEAUTHORITY\ALLAPPLICATIONPACKAGES',rights=[read]}]Error: ruby-rwin32 / Stage[main]/Main/Acl[c:\temp]:Couldnotevaluate:Failedtoset security descriptorforpath'c -eputsWin32 : \temp' : FailedtoconvertstringSID Security :: Theparameterisincorrect. S Notice:Finishedcatalogrunin0 ID . 27seconds{noformat}Withdebug,traceandverboseoutputon:{noformat}Info:Applyingconfigurationversion new( ' 1406221744'Notice:/Stage[main]/Main/Acl[c:\temp]/permissions:permissionschanged[{identity='WIN-E5K8TM30719\Administrator',rights=[full]}]to[{identity='WIN-E5K8TM30719\Administrator',rights=[full]},{identity=' APPLICATIONPACKAGEAUTHORITY\ALLAPPLICATIONPACKAGES' ,rights=[ ) read]} ]Error:/Stage[main]/Main/Acl[c:\temp]:Couldnotevaluate:Failedtosetsecuritydescriptorforpath'c:\temp':FailedtoconvertstringSID::Theparameterisincorrect. C:/ ProgramFiles(x86) tools / PuppetLabs ruby193 / Puppet/puppet/ lib/ puppet ruby / util gems / windows/sid 1 . rb:97:in`string_to_sid_ptr'C:/ProgramFiles(x86)/PuppetLabs/Puppet/puppet/lib/puppet/util/windows/security 9 . rb:392:in`add_access_allowed_ace'C: 1 / ProgramFiles(x86) gems / PuppetLabs/Puppet/puppet/lib/puppet/util/windows/security win32-security-0 . rb:608:in`block(6levels)inset_security_descriptor'C:/ProgramFiles(x86)/PuppetLabs/Puppet/puppet/lib/puppet/util/windows/access_control_list 2 . rb:28:in`blockineach'C:/ProgramFiles(x86)/PuppetLabs/Puppet/puppet/lib/puppet/util/windows/access_control_list.rb:28:in`each'C:/ProgramFiles(x86)/PuppetLabs/Puppet/puppet/lib/puppet/util/windows/access_control_list.rb:28:in`each'C:/ProgramFiles(x86)/PuppetLabs/Puppet/puppet/lib/puppet/util/windows/security.rb:604:in`block( 5 levels)inset_security_descriptor'C: / ProgramFiles(x86)/PuppetLabs/Puppet/puppet/ lib/ puppet win32 / util/windows/sid.rb:101:in`string_to_sid_ptr'C:/ProgramFiles(x86)/PuppetLabs/Puppet/puppet/lib/puppet/util/windows/ security .rb:603:in`block(4levels)inset_security_descriptor'C: / ProgramFiles(x86)/PuppetLabs/Puppet/puppet/lib/puppet/util/windows/ sid.rb: 101 267 :in` string_to_sid_ptr initialize ' C : /ProgramFiles(x86)/PuppetLabs/Puppet/puppet/lib/puppet/util/windows/securit NomappingbetweenaccountnamesandsecurityIDs y wasdone . rb:602:in`block