win_acl no longer needs SeSecurityPrivilege (#57804) (#64758)

* win_acl no longer needs SeSecurityPrivilege
Set-ACL raises missing SeSecurityPrivilege error when the inheritance
from the parent directory is disabled.

* fixes test sanity

* registry rights can only be modified with Set-ACL

* add changelog

(cherry picked from commit 95d613f3ab)
pull/64802/head
Jordan Borean 5 years ago committed by Matt Davis
parent d2d9a60eab
commit 25f8d0dcd3

@ -0,0 +1,2 @@
bugfixes:
- win_acl - Fixed error when setting rights on directory for which inheritance from parent directory has been disabled.

@ -176,7 +176,11 @@ Try {
If ($state -eq "present" -And $match -eq $false) { If ($state -eq "present" -And $match -eq $false) {
Try { Try {
$objACL.AddAccessRule($objACE) $objACL.AddAccessRule($objACE)
If ($path_item.PSProvider.Name -eq "Registry") {
Set-ACL -LiteralPath $path -AclObject $objACL Set-ACL -LiteralPath $path -AclObject $objACL
} else {
(Get-Item -LiteralPath $path).SetAccessControl($objACL)
}
$result.changed = $true $result.changed = $true
} }
Catch { Catch {
@ -186,7 +190,11 @@ Try {
ElseIf ($state -eq "absent" -And $match -eq $true) { ElseIf ($state -eq "absent" -And $match -eq $true) {
Try { Try {
$objACL.RemoveAccessRule($objACE) $objACL.RemoveAccessRule($objACE)
If ($path_item.PSProvider.Name -eq "Registry") {
Set-ACL -LiteralPath $path -AclObject $objACL Set-ACL -LiteralPath $path -AclObject $objACL
} else {
(Get-Item -LiteralPath $path).SetAccessControl($objACL)
}
$result.changed = $true $result.changed = $true
} }
Catch { Catch {

Loading…
Cancel
Save