Class: Chef::FileAccessControl

Inherits:
Object
  • Object
Includes:
Unix, Windows
Defined in:
lib/chef/file_access_control.rb,
lib/chef/file_access_control/unix.rb,
lib/chef/file_access_control/windows.rb

Overview

Chef::FileAccessControl

FileAccessControl objects set the owner, group and mode of a file to the values specified by a value object, usually a Chef::Resource.

Defined Under Namespace

Modules: Unix, Windows

Constant Summary

Constants included from Unix

Unix::UID_MAX, Unix::UINT

Constants included from Windows

Windows::ACE, Windows::ACL, Windows::SID, Windows::Security

Constants included from ReservedNames::Win32::API::Security

ReservedNames::Win32::API::Security::ACCESS_ALLOWED_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_ALLOWED_CALLBACK_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_ALLOWED_COMPOUND_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_ALLOWED_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_DENIED_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_DENIED_CALLBACK_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_DENIED_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_MAX_MS_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_MAX_MS_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_MAX_MS_V2_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_MAX_MS_V3_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_MAX_MS_V4_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_MAX_MS_V5_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_MIN_MS_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_MIN_MS_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::ACCESS_SYSTEM_SECURITY, ReservedNames::Win32::API::Security::ACL_REVISION, ReservedNames::Win32::API::Security::ACL_REVISION1, ReservedNames::Win32::API::Security::ACL_REVISION2, ReservedNames::Win32::API::Security::ACL_REVISION3, ReservedNames::Win32::API::Security::ACL_REVISION4, ReservedNames::Win32::API::Security::ACL_REVISION_DS, ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE, ReservedNames::Win32::API::Security::DACL_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::DELETE, ReservedNames::Win32::API::Security::ELEVATION_TYPE, ReservedNames::Win32::API::Security::FAILED_ACCESS_ACE_FLAG, ReservedNames::Win32::API::Security::FILE_ADD_FILE, ReservedNames::Win32::API::Security::FILE_ADD_SUBDIRECTORY, ReservedNames::Win32::API::Security::FILE_ALL_ACCESS, 
ReservedNames::Win32::API::Security::FILE_APPEND_DATA, ReservedNames::Win32::API::Security::FILE_CREATE_PIPE_INSTANCE, ReservedNames::Win32::API::Security::FILE_DELETE_CHILD, ReservedNames::Win32::API::Security::FILE_EXECUTE, ReservedNames::Win32::API::Security::FILE_GENERIC_EXECUTE, ReservedNames::Win32::API::Security::FILE_GENERIC_READ, ReservedNames::Win32::API::Security::FILE_GENERIC_WRITE, ReservedNames::Win32::API::Security::FILE_LIST_DIRECTORY, ReservedNames::Win32::API::Security::FILE_READ_ATTRIBUTES, ReservedNames::Win32::API::Security::FILE_READ_DATA, ReservedNames::Win32::API::Security::FILE_READ_EA, ReservedNames::Win32::API::Security::FILE_TRAVERSE, ReservedNames::Win32::API::Security::FILE_WRITE_ATTRIBUTES, ReservedNames::Win32::API::Security::FILE_WRITE_DATA, ReservedNames::Win32::API::Security::FILE_WRITE_EA, ReservedNames::Win32::API::Security::GENERIC_ALL, ReservedNames::Win32::API::Security::GENERIC_EXECUTE, ReservedNames::Win32::API::Security::GENERIC_READ, ReservedNames::Win32::API::Security::GENERIC_WRITE, ReservedNames::Win32::API::Security::GROUP_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::INHERITED_ACE, ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE, ReservedNames::Win32::API::Security::LABEL_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::LOGON32_LOGON_BATCH, ReservedNames::Win32::API::Security::LOGON32_LOGON_INTERACTIVE, ReservedNames::Win32::API::Security::LOGON32_LOGON_NETWORK, ReservedNames::Win32::API::Security::LOGON32_LOGON_NETWORK_CLEARTEXT, ReservedNames::Win32::API::Security::LOGON32_LOGON_NEW_CREDENTIALS, ReservedNames::Win32::API::Security::LOGON32_LOGON_SERVICE, ReservedNames::Win32::API::Security::LOGON32_LOGON_UNLOCK, ReservedNames::Win32::API::Security::LOGON32_PROVIDER_DEFAULT, ReservedNames::Win32::API::Security::LOGON32_PROVIDER_WINNT35, ReservedNames::Win32::API::Security::LOGON32_PROVIDER_WINNT40, ReservedNames::Win32::API::Security::LOGON32_PROVIDER_WINNT50, 
ReservedNames::Win32::API::Security::MAXDWORD, ReservedNames::Win32::API::Security::MAX_ACL_REVISION, ReservedNames::Win32::API::Security::MIN_ACL_REVISION, ReservedNames::Win32::API::Security::NO_PROPAGATE_INHERIT_ACE, ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE, ReservedNames::Win32::API::Security::OWNER_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::POLICY_AUDIT_LOG_ADMIN, ReservedNames::Win32::API::Security::POLICY_CREATE_ACCOUNT, ReservedNames::Win32::API::Security::POLICY_CREATE_PRIVILEGE, ReservedNames::Win32::API::Security::POLICY_CREATE_SECRET, ReservedNames::Win32::API::Security::POLICY_GET_PRIVATE_INFORMATION, ReservedNames::Win32::API::Security::POLICY_LOOKUP_NAMES, ReservedNames::Win32::API::Security::POLICY_NOTIFICATION, ReservedNames::Win32::API::Security::POLICY_SERVER_ADMIN, ReservedNames::Win32::API::Security::POLICY_SET_AUDIT_REQUIREMENTS, ReservedNames::Win32::API::Security::POLICY_SET_DEFAULT_QUOTA_LIMITS, ReservedNames::Win32::API::Security::POLICY_TRUST_ADMIN, ReservedNames::Win32::API::Security::POLICY_VIEW_AUDIT_INFORMATION, ReservedNames::Win32::API::Security::POLICY_VIEW_LOCAL_INFORMATION, ReservedNames::Win32::API::Security::PROTECTED_DACL_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::PROTECTED_SACL_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::READ_CONTROL, ReservedNames::Win32::API::Security::SACL_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::SECURITY_DESCRIPTOR_MIN_LENGTH, ReservedNames::Win32::API::Security::SECURITY_DESCRIPTOR_REVISION, ReservedNames::Win32::API::Security::SECURITY_DESCRIPTOR_REVISION1, ReservedNames::Win32::API::Security::SECURITY_IMPERSONATION_LEVEL, ReservedNames::Win32::API::Security::SE_DACL_AUTO_INHERITED, ReservedNames::Win32::API::Security::SE_DACL_AUTO_INHERIT_REQ, ReservedNames::Win32::API::Security::SE_DACL_DEFAULTED, ReservedNames::Win32::API::Security::SE_DACL_PRESENT, ReservedNames::Win32::API::Security::SE_DACL_PROTECTED, 
ReservedNames::Win32::API::Security::SE_GROUP_DEFAULTED, ReservedNames::Win32::API::Security::SE_OBJECT_TYPE, ReservedNames::Win32::API::Security::SE_OWNER_DEFAULTED, ReservedNames::Win32::API::Security::SE_PRIVILEGE_ENABLED, ReservedNames::Win32::API::Security::SE_PRIVILEGE_ENABLED_BY_DEFAULT, ReservedNames::Win32::API::Security::SE_PRIVILEGE_REMOVED, ReservedNames::Win32::API::Security::SE_PRIVILEGE_USED_FOR_ACCESS, ReservedNames::Win32::API::Security::SE_PRIVILEGE_VALID_ATTRIBUTES, ReservedNames::Win32::API::Security::SE_RM_CONTROL_VALID, ReservedNames::Win32::API::Security::SE_SACL_AUTO_INHERITED, ReservedNames::Win32::API::Security::SE_SACL_AUTO_INHERIT_REQ, ReservedNames::Win32::API::Security::SE_SACL_DEFAULTED, ReservedNames::Win32::API::Security::SE_SACL_PRESENT, ReservedNames::Win32::API::Security::SE_SACL_PROTECTED, ReservedNames::Win32::API::Security::SE_SELF_RELATIVE, ReservedNames::Win32::API::Security::SID_NAME_USE, ReservedNames::Win32::API::Security::SPECIFIC_RIGHTS_ALL, ReservedNames::Win32::API::Security::STANDARD_RIGHTS_ALL, ReservedNames::Win32::API::Security::STANDARD_RIGHTS_EXECUTE, ReservedNames::Win32::API::Security::STANDARD_RIGHTS_READ, ReservedNames::Win32::API::Security::STANDARD_RIGHTS_REQUIRED, ReservedNames::Win32::API::Security::STANDARD_RIGHTS_WRITE, ReservedNames::Win32::API::Security::SUBFOLDERS_AND_FILES_ONLY, ReservedNames::Win32::API::Security::SUCCESSFUL_ACCESS_ACE_FLAG, ReservedNames::Win32::API::Security::SYNCHRONIZE, ReservedNames::Win32::API::Security::SYSTEM_ALARM_ACE_TYPE, ReservedNames::Win32::API::Security::SYSTEM_ALARM_CALLBACK_ACE_TYPE, ReservedNames::Win32::API::Security::SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::SYSTEM_ALARM_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::SYSTEM_AUDIT_ACE_TYPE, ReservedNames::Win32::API::Security::SYSTEM_AUDIT_CALLBACK_ACE_TYPE, ReservedNames::Win32::API::Security::SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE, 
ReservedNames::Win32::API::Security::SYSTEM_AUDIT_OBJECT_ACE_TYPE, ReservedNames::Win32::API::Security::SYSTEM_MANDATORY_LABEL_ACE_TYPE, ReservedNames::Win32::API::Security::TOKEN_ADJUST_DEFAULT, ReservedNames::Win32::API::Security::TOKEN_ADJUST_GROUPS, ReservedNames::Win32::API::Security::TOKEN_ADJUST_PRIVILEGES, ReservedNames::Win32::API::Security::TOKEN_ADJUST_SESSIONID, ReservedNames::Win32::API::Security::TOKEN_ALL_ACCESS, ReservedNames::Win32::API::Security::TOKEN_ASSIGN_PRIMARY, ReservedNames::Win32::API::Security::TOKEN_DUPLICATE, ReservedNames::Win32::API::Security::TOKEN_IMPERSONATE, ReservedNames::Win32::API::Security::TOKEN_INFORMATION_CLASS, ReservedNames::Win32::API::Security::TOKEN_QUERY, ReservedNames::Win32::API::Security::TOKEN_QUERY_SOURCE, ReservedNames::Win32::API::Security::TOKEN_READ, ReservedNames::Win32::API::Security::UNPROTECTED_DACL_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::UNPROTECTED_SACL_SECURITY_INFORMATION, ReservedNames::Win32::API::Security::VALID_INHERIT_FLAGS, ReservedNames::Win32::API::Security::WRITE, ReservedNames::Win32::API::Security::WRITE_DAC, ReservedNames::Win32::API::Security::WRITE_OWNER

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Unix

#current_gid, #current_mode, #current_uid, #define_resource_requirements, #describe_changes, #gid_from_resource, included, #manage_symlink_attrs?, #mode_from_resource, #mode_to_s, #requires_changes?, #set_all, #set_all!, #set_group, #set_group!, #set_mode, #set_mode!, #set_owner, #set_owner!, #should_update_group?, #should_update_mode?, #should_update_owner?, #stat, #target_gid, #target_mode, #target_uid

Methods included from Windows

#define_resource_requirements, #describe_changes, included, #requires_changes?, #set_all, #set_all!

Constructor Details

#initialize(current_resource, new_resource, provider) ⇒ FileAccessControl

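FileAccessControl objects set the owner, group and mode of file to the values specified by resource. file is completely independent of any file or path attribute on resource, so it is possible to set access control settings on a tempfile (for example). Note that the constructor shown below takes (current_resource, new_resource, provider) and sets the managed path from current_resource.path, so the resource/file arguments described here do not match the current signature.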

Arguments:

resource: probably a Chef::Resource::File object (or subclass), but this is not required. Must respond to +owner+, +group+, and +mode+.

file: The file whose access control settings you wish to modify, given as a String.

TODO: requiring current_resource will break cookbook_file, template_file



# File 'lib/chef/file_access_control.rb', line 56

# Builds an access-control helper for the file named by +current_resource+.
#
# @param current_resource [#path] resource whose +path+ becomes the managed
#   file (+@file+)
# @param new_resource [Object] stored as +@resource+
# @param provider [Object] stored as +@provider+
def initialize(current_resource, new_resource, provider)
  @current_resource = current_resource
  @resource = new_resource
  @provider = provider
  # The path whose owner/group/mode will be managed is always read from the
  # current resource; there is no separate file argument.
  @file = @current_resource.path
  @modified = false

  # Target mode driven from a Windows host: the remote machine is a Unix
  # system reached over SSH, so the path does not exist on the local Windows
  # filesystem.  Mixing the Unix module into this one instance makes
  # permissions go through TargetIO (chmod/chown over SSH) instead of the
  # Win32 security APIs; methods added with +extend+ are looked up before
  # those the class itself includes.
  running_on_windows = RUBY_PLATFORM.match?(/mswin|mingw|windows/)
  extend FileAccessControl::Unix if running_on_windows && ChefConfig::Config.target_mode?
end

Instance Attribute Details

#current_resource ⇒ Object (readonly)

Returns the value of attribute current_resource.



# File 'lib/chef/file_access_control.rb', line 39

# Read-only accessor for the +@current_resource+ instance variable.
#
# @return [Object] the stored value, or nil if it was never assigned
def current_resource = @current_resource

#file ⇒ Object (readonly)

Returns the value of attribute file.



# File 'lib/chef/file_access_control.rb', line 42

# Read-only accessor for the +@file+ instance variable, i.e. the path this
# object manages.
#
# @return [Object] the stored value, or nil if it was never assigned
def file = @file

#provider ⇒ Object (readonly)

Returns the value of attribute provider.



# File 'lib/chef/file_access_control.rb', line 41

# Read-only accessor for the +@provider+ instance variable.
#
# @return [Object] the stored value, or nil if it was never assigned
def provider = @provider

#resource ⇒ Object (readonly)

Returns the value of attribute resource.



# File 'lib/chef/file_access_control.rb', line 40

# Read-only accessor for the +@resource+ instance variable.
#
# @return [Object] the stored value, or nil if it was never assigned
def resource = @resource

Instance Method Details

#modified? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/chef/file_access_control.rb', line 71

# Reports the current value of the +@modified+ flag.
#
# @return [Boolean] whatever +@modified+ currently holds
def modified? = @modified