Ohai,
I was hoping someone might be able to clarify something for me on Windows
rights: http://wiki.opscode.com/display/chef/Improved+Windows+File+Security
“When you specify rights, they are considered a complete description of all
explicit rights on a file: all existing explicit rights will be removed
and the new ones added. (Inherited rights will remain on the file).”
Initially I had read this as “if the existing permissions don’t match,
they will all be blown away and replaced with what you defined”, however my
testing is showing it doesn’t care if the specified rights are identical to
what is in place (i.e. on chef run #2). Instead the permissions are reset
every single run. This was also discussed here:
http://lists.opscode.com/sympa/arc/chef/2012-10/msg00215.html
So could someone clarify if resetting permissions even when they don’t need
changing is indeed the “intended” behavior? If so how are folks
achieving idempotent behavior on template resources that are leveraging
Windows rights? The post in the other thread which uses the file resource
wrapper could possibly work (I have not tested yet), but obviously not
declaring each template I need via two resources would be preferred.
This is running chef-client 10.12, and ideally I’m looking for a
solution that works on that version as a wholesale upgrade is a little out of
scope of this particular use case.
Thanks