From 95d613f3ab376af8c06399d256d931c6c00c21d6 Mon Sep 17 00:00:00 2001
From: P-Hessler <43963088+P-Hessler@users.noreply.github.com>
Date: Wed, 13 Nov 2019 00:54:57 +0100
Subject: [PATCH] win_acl no longer needs SeSecurityPrivilege (#57804)
* win_acl no longer needs SeSecurityPrivilege Set-ACL raises missing SeSecurityPrivilege error when the inheritance from the parent directory is disabled. * fixes test sanity * registry rights can only be modified with Set-ACL * add changelog
---
 ...4-win_acl-no-longer-needs-SeSecurityPrivilege.yml | 2 ++
 lib/ansible/modules/windows/win_acl.ps1 | 12 ++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/57804-win_acl-no-longer-needs-SeSecurityPrivilege.yml
diff --git a/changelogs/fragments/57804-win_acl-no-longer-needs-SeSecurityPrivilege.yml b/changelogs/fragments/57804-win_acl-no-longer-needs-SeSecurityPrivilege.yml
new file mode 100644
index 0000000000..4f210d4d6b
--- /dev/null
+++ b/changelogs/fragments/57804-win_acl-no-longer-needs-SeSecurityPrivilege.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - win_acl - Fixed error when setting rights on directory for which inheritance from parent directory has been disabled.
diff --git a/lib/ansible/modules/windows/win_acl.ps1 b/lib/ansible/modules/windows/win_acl.ps1
index 8fc344bfc1..e3c3813038 100644
--- a/lib/ansible/modules/windows/win_acl.ps1
+++ b/lib/ansible/modules/windows/win_acl.ps1
@@ -176,7 +176,11 @@ Try {
 If ($state -eq "present" -And $match -eq $false) {
 Try {
 $objACL.AddAccessRule($objACE)
- Set-ACL -LiteralPath $path -AclObject $objACL
+ If ($path_item.PSProvider.Name -eq "Registry") {
+ Set-ACL -LiteralPath $path -AclObject $objACL
+ } else {
+ (Get-Item -LiteralPath $path).SetAccessControl($objACL)
+ }
 $result.changed = $true
 }
 Catch {
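Review bot: The new `If`/`else` in the `present` branch carries no comment saying why file-system paths go through `SetAccessControl` while registry keys stay on `Set-ACL`, and the same five lines are repeated in the `absent` branch of the hunk at `@@ -186,7 +190,11 @@`. Without that explanation a later cleanup could fold both branches back into `Set-ACL`, which per the commit message brings back the SeSecurityPrivilege error and with it the temptation to grant that privilege to the automation account. I would add `# Set-ACL needs SeSecurityPrivilege when inheritance is disabled; registry rights can only be changed with Set-ACL` above the `If` in both places. `$path_item` is assigned outside the hunk; if it already holds the item for `$path`, `$path_item.SetAccessControl($objACL)` would avoid resolving the path a second time between reading and writing the ACL. The enclosing `Try` block starts and ends outside the hunk.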
@@ -186,7 +190,11 @@ Try {
 ElseIf ($state -eq "absent" -And $match -eq $true) {
 Try {
 $objACL.RemoveAccessRule($objACE)
- Set-ACL -LiteralPath $path -AclObject $objACL
+ If ($path_item.PSProvider.Name -eq "Registry") {
+ Set-ACL -LiteralPath $path -AclObject $objACL
+ } else {
+ (Get-Item -LiteralPath $path).SetAccessControl($objACL)
+ }
 $result.changed = $true
 }
 Catch {