-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xFileSystemAccessRule: "The security identifier is not allowed to be the owner of this object." #3
Comments
There was a fix for this that was not moved over here which means we could have an regression issue in this module now. See potential fix here https://github.com/dsccommunity/xSystemSecurity/pull/14/files. |
I am experiencing the same behavior when removing rights from an existing directory.
@johlju - to implement your proposed fix, can I simply replace the necessary files with the ones in your link? |
@bendwyer I think replacing the files will remove other things. I think you need to copy and replace/add the green marked code into the correct place in the corresponding files in this repo. I would appreciate it a lot if you could give it a try. Let me know if you get stuck in any way. 🙂 |
Hi @johlju Would you like me to open a pull request with the updated file, or attach it here? |
Awesome! Yes, please open a pull request and then I can help out with the unit tests. |
@bendwyer Thank you for the PR! I will release a new release as soon as the tests passes. |
I have the following simple rule to give "Modify" permission on the directory:
When I apply this DSC configuration to clean system (no directory exists), everything works fine.
But when applying it on VM with already existing directory, I have the following error:
Googling a bit gave some results for Powershell Set-Acl cmdlet: http://www.mickputley.net/2015/11/set-acl-security-identifier-is-not.html
So, for now I implemented the following workaround using a
Script
resource:As stated in refrenced article, main idea is to use
(Get-Item $FolderPath).GetAccessControl('Access')
instead ofGet-ACL $FolderPath
.It seems like such fix must be used inside of
xFileSystemAccessRule
resource.The text was updated successfully, but these errors were encountered: