Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate windows_user_privilege in chef core #8853

Annih opened this issue Aug 29, 2019 · 1 comment


Copy link

commented Aug 29, 2019

Core Chef Resource Checklist

Before suggesting a resource for inclusion please make sure your suggestion meets these criteria for resources built into Chef:

  • Automates an operating system component that ships by default on systems such as authentication, raid, disk partitions, firewalls, containers, or virtualization systems.
  • Does not attempt automate 3rd party applications such as database, web, or application servers, which are best suited for cookbooks due to their fast moving nature.

Describe the resource:

The windows_user_privilege adds the principal (User/Group) to the specified privileges (such as Logon as a batch job or Logon as a Service).

Why should this be included out of the box?:

  • Automating windows servers frequently requires that you edit account privileges, to setup services or schedule tasks for instances.
  • When you want to setup a simple cron task on linux you don't need to include the "linux" cookbook, it's a pain to have to include "windows" on windows for such a trivial thing.
  • The base libaries used in the implementation are located in Chef core, it would make sens to have the resource implementation at the same place
  • Windows Services reimplement this resource to grant SeServiceLoginRight, it could be refactored to take advantage of this new resource.

What operating systems would it run on?

Windows only

Current cookbook implementation:

Can We Help You Implement This?:

I'm OK to move the code as it, this is trivial, but should I:

  • change the copyrights
  • add chefspecs (there is none in in windows cookbook)

This comment has been minimized.

Copy link

commented Sep 3, 2019

@Annih we wouldn't remove any copyrights when copying code across, only add additional ones if we made significant changes are part of the move. that said, I don't see a copyright on that file in the windows cookbook, just an author line which I would treat the same way.

We should add a functional test (spec/functional/resource) though.

I wondered a bit about adding privilege property to the existing windows_user resource.

windows_user  'Administrator' do
  privilege %w(SeBatchLogonRight SeServiceLogonRight)
  action :modify

Although the existing actions wouldn't give you the ability to add or remove specific privileges, only explicitly set all of them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
4 participants
You can’t perform that action at this time.