Do you have any code on github? Perhaps we can collaborate. I am doing a
bit of windows type and provider development currently (mostly learning how
;) I have a pendinga windows clustering provider, and a windows ad dns
provider in the works. I have also wrote a chocolatey provider that we
are now officially using on 100s of servers.
On Monday, January 28, 2013 5:01:10 PM UTC-5, damian....@gmail.com wrote:
> Hi Josh,
>
> First of all thanks for the quick reply.
>
> The main priorities to make Puppet usable on Windows for us would be:
>
> 1> Control complete state of the DACL for grant (we don't use deny).
> 2> Control inheritance on DACL (at the same time as being able to control
> other DACL grant entries for that object).
> 3> Control inheritance on SACL (we only set this at a higher level).
> 4> Set user account on Service.
>
> It would also be good to have the following (although don't think it would
> be a showstopper for adoption):
> 5> Control ACL on local SMB shares.
> 6> Control ACL on registry.
>
> And finally the nice to haves:
> 7> (Nice to have) Set DACL on parent directory but inherit permissions on
> all children when using source param with multiple levels of hierarchy.
> 8> (Nice to have) Set DACL on parent directory but inherit permissions on
> all children when using recurse param.
>
> Off the top of my head (not fully worked out all our requirements with the
> devs yet) I don't think we control access to any other types of windows
> object (e.g. service)
>
> I did start having a dig in the Puppet code for the file type and all of
> the building blocks are already there. I'm not sure how much effort it
> would be to write an ntfsfile class but I have started having a play with
> writing my own (in my spare time) but I've never written Ruby before so a
> reasonable learning curve (not least just to understand the mass of file
> and windows provider Puppet code let alone Ruby!). The permission setting
> methods are all there (e.g. set_acl and get_acl from security.rb including
> the protected parameter that i couldn't see a way of setting anywhere). My
> plan was to replace the mode param on file.rb with a dacl param that could
> take some form of friendly dacl description. The get_mode and set_mode
> methods could then be changed to translate between friendly dacl and real
> dacl rather than POSIX mode and dacl.
>
> The friendly DACL would use something like the following to describe each
> ACE:
> ntfsfile { 'myfile.txt' :
> require => file,
> dacl => [
> ['user1', grant, [FULL_CONTROL]],
> ['user2', grant, [FILE_READ]],
> ['group1', grant, [FILE_READ, FILE_WRITE,
> CHANGE_PERMISSIONS]],
> ['user3', deny, [FILE_READ, FILE_WRITE, FILE_EXECUTE]]
> ],
> inheritparent => false,
> source => 'puppet://modules/something/file.txt',
> }
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
