upstream/icinga-powershell-framework
1
0
Fork 0
mirror of https://github.com/Icinga/icinga-powershell-framework.git synced 2025-12-21 07:10:15 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
icinga-powershell-framework/lib/core/icingaagent/tests/Test-IcingaAcl.psm1
Lord Hepipud 25dc0031b0 Added Icinga Agent management Cmdlets
2019-09-29 18:25:40 +02:00

45 lines
2 KiB
PowerShell
Raw Blame History

function Test-IcingaAcl()
{
param(
[string]$Directory,
[switch]$WriteOutput
);
if (-Not (Test-Path $Directory)) {
throw 'The specified directory was not found';
}
$FolderACL = Get-Acl $Directory;
$ServiceUser = Get-IcingaServiceUser;
$UserFound = $FALSE;
$HasAccess = $FALSE;
foreach ($user in $FolderACL.Access) {
# Not only check here for the exact name but also for included strings like NT AU or NT-AU or even further later on
# As the Get-Acl Cmdlet will translate usernames into the own language, resultng in 'NT AUTHORITY\NetworkService' being translated
# to 'NT-AUTORITÄT\Netzwerkdienst' for example
if ($user.IdentityReference -like "*$ServiceUser" -Or ($ServiceUser -Like '*NT AU*' -And ($user.IdentityReference -Like '*NT AU*' -Or $user.IdentityReference -Like '*NT-AU*'))) {
$UserFound = $TRUE;
if ($user.FileSystemRights -Like '*Modify*' -And $user.FileSystemRights -Like '*Synchronize*') {
$HasAccess = $TRUE;
}
}
}
if ($WriteOutput) {
[string]$messageFormat = 'Directory "{0}" {1} by the Icinga Service User "{2}"';
if ($UserFound) {
if ($HasAccess) {
Write-IcingaTestOutput -Severity 'PASSED' -Message ([string]::Format($messageFormat, $Directory, 'is accessable and writeable', $ServiceUser));
} else {
Write-IcingaTestOutput -Severity 'FAILED' -Message ([string]::Format($messageFormat, $Directory, 'is accessable but NOT writeable', $ServiceUser));
Write-Host "\_ Please run the following command to fix this issue: Set-IcingaAcl -Directory '$Directory'";
}
} else {
Write-IcingaTestOutput -Severity 'FAILED' -Message ([string]::Format($messageFormat, $Directory, 'is not accessable', $ServiceUser));
Write-Host "\_ Please run the following command to fix this issue: Set-IcingaAcl -Directory '$Directory'";
}
}
return $UserFound;
}
Reference in a new issue View git blame Copy permalink