class Chef::ReservedNames::Win32::Security::SecurableObject
Constants
- SecurityConst
Attributes
Public Class Methods
Source
# File lib/chef/win32/security/securable_object.rb, line 28 def initialize(path, type = :SE_FILE_OBJECT) @path = path @type = type end
Public Instance Methods
Source
# File lib/chef/win32/security/securable_object.rb, line 73 def dacl=(val) Security.set_named_security_info(path, type, dacl: val) end
Source
# File lib/chef/win32/security/securable_object.rb, line 84 def group=(val) Security.set_named_security_info(path, type, group: val) end
Source
# File lib/chef/win32/security/securable_object.rb, line 88 def owner=(val) # TODO to fix serious permissions problems, we may need to enable SeBackupPrivilege. But we might need it (almost) everywhere else, too. Security.with_privileges("SeTakeOwnershipPrivilege", "SeRestorePrivilege") do Security.set_named_security_info(path, type, owner: val) end end
Source
# File lib/chef/win32/security/securable_object.rb, line 43 def predict_rights_mask(generic_mask) mask = generic_mask # mask |= Chef::ReservedNames::Win32::API::Security::STANDARD_RIGHTS_READ if (mask | Chef::ReservedNames::Win32::API::Security::GENERIC_READ) != 0 # mask |= Chef::ReservedNames::Win32::API::Security::STANDARD_RIGHTS_WRITE if (mask | Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE) != 0 # mask |= Chef::ReservedNames::Win32::API::Security::STANDARD_RIGHTS_EXECUTE if (mask | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE) != 0 # mask |= Chef::ReservedNames::Win32::API::Security::STANDARD_RIGHTS_ALL if (mask | Chef::ReservedNames::Win32::API::Security::GENERIC_ALL) != 0 if type == :SE_FILE_OBJECT mask |= Chef::ReservedNames::Win32::API::Security::FILE_GENERIC_READ if (mask & Chef::ReservedNames::Win32::API::Security::GENERIC_READ) != 0 mask |= Chef::ReservedNames::Win32::API::Security::FILE_GENERIC_WRITE if (mask & Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE) != 0 mask |= Chef::ReservedNames::Win32::API::Security::FILE_GENERIC_EXECUTE if (mask & Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE) != 0 mask |= Chef::ReservedNames::Win32::API::Security::FILE_ALL_ACCESS if (mask & Chef::ReservedNames::Win32::API::Security::GENERIC_ALL) != 0 else raise "Unimplemented object type for predict_security_mask: #{type}" end mask &= ~(Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE | Chef::ReservedNames::Win32::API::Security::GENERIC_ALL) mask end
This method predicts what the rights mask would be on an object if you created an ACE
with the given mask. Specifically, it looks for generic attributes like GENERIC_READ, and figures out what specific attributes will be set. This is important if you want to try to compare an existing ACE
with one you want to create.
Source
# File lib/chef/win32/security/securable_object.rb, line 95 def sacl=(val) Security.with_privileges("SeSecurityPrivilege") do Security.set_named_security_info(path, type, sacl: val) end end
Source
# File lib/chef/win32/security/securable_object.rb, line 61 def security_descriptor(include_sacl = false) security_information = Chef::ReservedNames::Win32::API::Security::OWNER_SECURITY_INFORMATION | Chef::ReservedNames::Win32::API::Security::GROUP_SECURITY_INFORMATION | Chef::ReservedNames::Win32::API::Security::DACL_SECURITY_INFORMATION if include_sacl security_information |= Chef::ReservedNames::Win32::API::Security::SACL_SECURITY_INFORMATION Security.with_privileges("SeSecurityPrivilege") do Security.get_named_security_info(path, type, security_information) end else Security.get_named_security_info(path, type, security_information) end end
Source
# File lib/chef/win32/security/securable_object.rb, line 80 def set_dacl(dacl, dacl_inherits) Security.set_named_security_info(path, type, dacl: dacl, dacl_inherits: dacl_inherits) end
You don’t set dacl_inherits without also setting dacl, because Windows gets angry and denies you access. So if you want to do that, you may as well do both at once.
Source
# File lib/chef/win32/security/securable_object.rb, line 101 def set_sacl(sacl, sacl_inherits) Security.with_privileges("SeSecurityPrivilege") do Security.set_named_security_info(path, type, sacl: sacl, sacl_inherits: sacl_inherits) end end