Well . . . It doesn't give me anything else helpful. Out of 142KB of log,
this seems relevant:
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["mask_specific"], mask =>
'2032063', affects => 'self_only' },
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["write", "read", "execute"
], affects => 'self_only' },
{ identity => 'Everyone', rights => ["read", "execute"], affects =>
'self_only' }
] to [
{ identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
{ identity => 'BUILTIN\Administrators', rights => ["full"], affects =>
'self_only' },
{ identity => 'BUILTIN\Users', rights => ["read", "execute"], affects =>
'self_only' },
{ identity => 'Everyone', rights => ["read", "execute"], affects =>
'self_only' }
] [0m
[1;31mError: /Stage[main]/Yum/Acl[chocolatey.config]: Could not evaluate:
The parameter is incorrect. - ReportEvent
The { identity => 'NT AUTHORITY\SYSTEM', rights => ["full"], affects =>
'self_only' },
repeats several hundred times that I didn't bother to paste here.
I am going to test with your simpler version to see if it makes a
difference...
On Friday, September 25, 2015 at 3:12:42 AM UTC-4, Rob Reynolds wrote:
>
>
>
> On Thu, Sep 24, 2015 at 7:25 AM, jmp242 <jp1...@gmail.com <javascript:>>
> wrote:
>
>> So per my previous post, I'm now trying to replace the file POSIX
>> permissions with ACLs. I'm apparently missing something though. I want to
>> replicate what I had before in the new supported method, i.e.:
>>
>> owner => 'SYSTEM',
>> group => 'Administrators',
>> mode => '0775',
>>
>>
>> So I tried doing:
>> acl { 'chocolatey.config':
>> target =>
>> 'C:/ProgramData/chocolatey/config/chocolatey.config',
>> purge => false,
>> permissions => [
>> {
>> identity => 'SYSTEM',
>> rights => [
>> 'full'],
>> perm_type => 'allow',
>> child_types => 'all',
>> affects => 'all'
>> }
>> ,
>> {
>> identity => 'Administrators',
>> rights => [
>> 'full'],
>> perm_type => 'allow',
>> child_types => 'all',
>> affects => 'all'
>> }
>> ,
>> {
>> identity => 'Users',
>> rights => [
>> 'read',
>> 'execute'],
>> perm_type => 'allow',
>> child_types => 'all',
>> affects => 'all'
>> }
>> ],
>> owner => 'SYSTEM', # Creator_Owner specific, doesn't
>> manage unless specified
>> group => 'Administrators', # Creator_Group specific,
>> doesn't manage unless specified
>> inherit_parent_permissions => true,
>> require => File['chocolatey.config'],
>> }
>>
>>
>> As I understand the documentation, this seems to map, mind you - being
>> far more verbose and complicated - to the original permissions.
>>
>
> Sure, it's a LOT more verbose if you add all of the defaults in. Leaving
> out the defaults and considering that acl already does autorequires on a
> file with the same path (we'll leave the requires in), this looks a lot
> better:
>
> acl { 'c:/ProgramData/chocolatey/config/chocolatey.config':
> permissions => [
> { identity => 'SYSTEM', rights => ['full']},
> { identity => 'Administrators', rights => ['full']},
> { identity => 'Users', rights => ['read', 'execute']},
> require => File['chocolatey.config'],
> }
>
>
>
>
>> However, I get errors:
>> Could not evaluate: The parameter is incorrect. - ReportEvent
>>
>> This doesn't really help me figure out what I did wrong here...
>>
>
>
> Not really sure what caused this. Might be good to see this with a
> `--debug --trace --verbose` run to see what may be causing the issue.
>
>
>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@googlegroups.com <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/a49f14bc-6804-4ba8-a033-752a6da2a9cb%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/a49f14bc-6804-4ba8-a033-752a6da2a9cb%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Rob Reynolds
> Developer, Puppet Labs
>
> *PuppetConf 2015 <http://2015.puppetconf.com/>** is right around the
> corner! Join us October 5-9 in Portland, OR. **Register now
> <https://puppetconf2015.eventbrite.com/>**.*
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/90939a2f-119e-431b-9c6d-557c3a4021b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
