diff options
Diffstat (limited to 'lib/puppet/util')
-rw-r--r-- | lib/puppet/util/settings.rb | 1 | ||||
-rw-r--r-- | lib/puppet/util/settings/file_setting.rb | 3 | ||||
-rw-r--r-- | lib/puppet/util/suidmanager.rb | 15 |
3 files changed, 17 insertions, 2 deletions
diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb index caaf61b7b..3039a7b0a 100644 --- a/lib/puppet/util/settings.rb +++ b/lib/puppet/util/settings.rb @@ -780,6 +780,7 @@ if @config.include?(:run_mode) # Create the transportable objects for users and groups. def add_user_resources(catalog, sections) return unless Puppet.features.root? + return if Puppet.features.microsoft_windows? return unless self[:mkusers] @config.each do |name, setting| diff --git a/lib/puppet/util/settings/file_setting.rb b/lib/puppet/util/settings/file_setting.rb index 0fa65d846..f02a0c547 100644 --- a/lib/puppet/util/settings/file_setting.rb +++ b/lib/puppet/util/settings/file_setting.rb @@ -93,7 +93,8 @@ class Puppet::Util::Settings::FileSetting < Puppet::Util::Settings::Setting if Puppet[:manage_internal_file_permissions] resource[:mode] = self.mode if self.mode - if Puppet.features.root? + # REMIND fails on Windows because chown/chgrp functionality not supported yet + if Puppet.features.root? and !Puppet.features.microsoft_windows? resource[:owner] = self.owner if self.owner resource[:group] = self.group if self.group end diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb index 697bce111..d2772002e 100644 --- a/lib/puppet/util/suidmanager.rb +++ b/lib/puppet/util/suidmanager.rb @@ -37,7 +37,20 @@ module Puppet::Util::SUIDManager module_function :groups= def self.root? - Process.uid == 0 + return Process.uid == 0 unless Puppet.features.microsoft_windows? + + require 'sys/admin' + require 'win32/security' + + # if Vista or later, check for unrestricted process token + begin + return Win32::Security.elevated_security? + rescue Win32::Security::Error => e + raise e unless e.to_s =~ /Incorrect function/i + end + + group = Sys::Admin.get_group("Administrators", :sid => Win32::Security::SID::BuiltinAdministrators) + group and group.members.index(Sys::Admin.get_login) != nil end # Runs block setting uid and gid if provided then restoring original ids |