Because we create files in a temporary directory and then perform an
atomic move to the destination directory, on Windows the file keeps
the permissions from where it was created rather than inheriting the
DACLs of the final destination. Ideally the file would not have any
ACLs set and would inherit only, unless specified otherwise. There are
a couple ideas so far, does anyone have input or a better one?
Copy the file instead of move
Pro: new file inherits DACLs by default
Con: performance loss due to copy
Con: [rare] possibility of disk space issue for large file
Use ICACLS to reset the permissions after the move
Con: Not ubiquitous. CACLS on XP?
Have Chef use the destination directory as temporary folder but
create a temporary file there
Pro: always on the right file system
Pro: Creates correct DACLs on Windows
Con: Not atomic
Con: Cruft could break “.d” style configuration directories.
#3 but just for Windows
Con: Cruft still could break “.d” style configuration directories.