User rights on drive


#1

Hi All,
i am using below code to set the directory security permission for given user.

directory ‘E:\’ do
rights :full_control, ‘TestUser’
inherits true
action :create
end

using above code its setting full control for test user to e drive but its removing for default groups and users such as SYSTEM, Administrator, Users groups.

My requirement is to add the test user without impacting other groups/users rights.

help in this regards is highly appreciated.


#2

As I read it, this is working as designed.

(From: https://docs.chef.io/resource_directory.html):
"Some other important things to know when using the rights attribute:

Only inherited rights remain. All existing explicit rights on the object are removed and replaced.
If rights are not specified, nothing will be changed. The chef-client does not clear out the rights on a file or directory if rights are not specified.
Changing inherited rights can be expensive. Microsoft Windows will propagate rights to all children recursively due to inheritance. This is a normal aspect of Microsoft Windows, so consider the frequency with which this type of action is necessary and take steps to control this type of action if performance is the primary consideration."

In order to specify rights, you should probably pass a hash of all of the users / groups that should have the “full control” right.


#3

Thanks @byteflyer.