Paul Chernoch
2014-Sep-09 18:30 UTC
[Puppet Users] What do you use the 'group' attribute for when using the acl module?
The *acl *module has a parameter named '*group*' which takes a list of users, groups or SIDs. What is it for? When would I need it? The documentation is fuzzy. This is what it says: Properties <https://github.com/puppetlabs/puppetlabs-acl#group>group The entity or entities that have access to a particular ACL descriptor. The group identity is also known as a trustee or principal. Valid inputs can be in the form of: - User - e.g. 'Bob' or 'TheNet\Bob' - Group - e.g. 'Administrators' or 'BUILTIN\Administrators' - SID (Security ID) - e.g. 'S-1-5-18' No default value will be enforced by Puppet. Using the default will allow the group to stay set to whatever it is currently set to (group can vary depending on the original CREATOR GROUP). Since the identity must exist on the system in order to be used, Puppet will make sure they exist by creating them as needed. *NOTE*: On Windows the CREATOR GROUP inherited ACE must be set for the creator's primary group to be set as an ACE automatically. Group is not always widely used. By default the group will also need to be specifically set as an explicit managed ACE. See Microsoft's page <http://support.microsoft.com/kb/126629> for instructions on enabling CREATOR GROUP. Paul -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/172c9ce0-bdd3-4f85-8fb5-c84a55d56fe5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.