lib/core/icingaagent/setters/Set-IcingaAgentServicePermission.psm1
|
function Set-IcingaAgentServicePermission() { if (Test-IcingaAgentServicePermission -Silent) { Write-Host 'The Icinga Service User already has permission to run as service'; return; } $SystemPermissions = New-IcingaTemporaryFile; $ServiceUser = Get-IcingaServiceUser; $ServiceUserSID = Get-IcingaUserSID $ServiceUser; $SystemContent = Get-IcingaAgentServicePermission; $NewSystemContent = @(); if ([string]::IsNullOrEmpty($ServiceUser)) { Write-IcingaTestOutput -Severity 'FAILED' -Message 'There is no user assigned to the Icinga 2 service or the service is not yet installed'; return $FALSE; } foreach ($line in $SystemContent) { if ($line -like '*SeServiceLogonRight*') { $line = [string]::Format('{0},*{1}', $line, $ServiceUserSID); } $NewSystemContent += $line; } Set-Content -Path "$SystemPermissions.inf" -Value $NewSystemContent; $SystemOutput = Start-IcingaProcess -Executable 'secedit.exe' -Arguments ([string]::Format('/import /cfg "{0}.inf" /db "{0}.sdb"', $SystemPermissions)); if ($SystemOutput.ExitCode -ne 0) { throw ([string]::Format('Unable to import system permission information: {0}', $SystemOutput.Message)); return $null; } $SystemOutput = Start-IcingaProcess -Executable 'secedit.exe' -Arguments ([string]::Format('/configure /cfg "{0}.inf" /db "{0}.sdb"', $SystemPermissions)); if ($SystemOutput.ExitCode -ne 0) { throw ([string]::Format('Unable to configure system permission information: {0}', $SystemOutput.Message)); return $null; } Remove-Item $SystemPermissions*; Test-IcingaAgentServicePermission | Out-Null; } |