[BUG] state salt.minion failing on windows minion trying to use linuxy-ish permissions

[TheBigBear]

Your setup

Formula commit hash / release tag

commit cc6a3a204e21ff5a3a5ff6b5d8d3133ec093f393

Versions reports (master & minion)

minion:

salt-call -V
C:\Program Files\Salt Project\Salt\bin\lib\site-packages\_distutils_hack\__init_
_.py:33: UserWarning: Setuptools is replacing distutils.
  warnings.warn("Setuptools is replacing distutils.")
Salt Version:
          Salt: 3005.1

Dependency Versions:
          cffi: 1.14.6
      cherrypy: 18.6.1
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: 4.0.7
     gitpython: Not Installed
        Jinja2: 3.1.0
       libgit2: Not Installed
      M2Crypto: Not Installed
          Mako: 1.1.4
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.10.1
        pygit2: Not Installed
        Python: 3.8.15 (tags/v3.8.15:44adf8a, Nov  8 2022, 17:20:07) [MSC v.1929
 64 bit (AMD64)]
  python-gnupg: 0.4.8
        PyYAML: 5.4.1
         PyZMQ: 22.0.3
         smmap: 4.0.0
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist:
        locale: cp1252
       machine: AMD64
       release: 2016Server
        system: Windows
       version: 2016Server 10.0.14393 SP0 Multiprocessor Free

master:

salt -V
Salt Version:
          Salt: 3005.1

Dependency Versions:
          cffi: 1.11.5
      cherrypy: unknown
      dateutil: 2.6.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 2.10.1
       libgit2: Not Installed
      M2Crypto: 0.35.2
          Mako: Not Installed
       msgpack: 0.6.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.14
      pycrypto: Not Installed
  pycryptodome: Not Installed
        pygit2: Not Installed
        Python: 3.6.8 (default, Sep 13 2022, 07:19:15)
  python-gnupg: Not Installed
        PyYAML: 3.12
         PyZMQ: 22.0.3
         smmap: Not Installed
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: almalinux 8.7 Stone Smilodon
        locale: UTF-8
       machine: x86_64
       release: 4.18.0-425.3.1.el8.x86_64
        system: Linux
       version: AlmaLinux 8.7 Stone Smilodon

Pillar / config used

---

Bug details

Describe the bug

When running salt-call state.apply salt.minion it fails and can't set permissions on windows files seemingly trying to do it the 'linux' way.

Steps to reproduce the bug

salt-call state.apply salt.minion test=true

salt-call state.apply salt.minion test=true
C:\Program Files\Salt Project\Salt\bin\lib\site-packages\_distutils_hack\__init_
_.py:33: UserWarning: Setuptools is replacing distutils.
  warnings.warn("Setuptools is replacing distutils.")

[WARNING ] The group argument for C:\ProgramData\Salt Project\Salt\conf\minion h
as been ignored as this is a Windows system. Please use the `win_*` parameters t
o set permissions in Windows.
[ERROR   ] Invalid user/group or sid: root
Traceback (most recent call last):
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\utils\win_
dacl.py", line 1183, in get_sid_string
    return win32security.ConvertSidToStringSid(principal)
TypeError: The object is not a PySID object

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\utils\win_
dacl.py", line 1146, in get_sid
    sid = win32security.ConvertStringSidToSid(sid)
pywintypes.error: (1337, 'ConvertStringSidToSid', 'The security ID structure is
invalid.')
[ERROR   ] An exception occurred in this state: Traceback (most recent call last
):
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\utils\win_
dacl.py", line 1183, in get_sid_string
    return win32security.ConvertSidToStringSid(principal)
TypeError: The object is not a PySID object

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\utils\win_
dacl.py", line 1146, in get_sid
    sid = win32security.ConvertStringSidToSid(sid)
pywintypes.error: (1337, 'ConvertStringSidToSid', 'The security ID structure is
invalid.')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\state.py",
 line 2276, in call
    ret = self.states[cdata["full"]](
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 149, in __call__
    return self.loader.run(run_func, *args, **kwargs)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 1228, in run
    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs
)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 1243, in _run_as
    return _func_or_method(*args, **kwargs)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 1276, in wrapper
    return f(*args, **kwargs)
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\states\fil
e.py", line 3025, in managed
    u_check = _check_user(user, group)
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\states\fil
e.py", line 375, in _check_user
    uid = __salt__["file.user_to_uid"](user)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 149, in __call__
    return self.loader.run(run_func, *args, **kwargs)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 1228, in run
    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs
)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 1243, in _run_as
    return _func_or_method(*args, **kwargs)
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\modules\wi
n_file.py", line 521, in user_to_uid
    return __utils__["dacl.get_sid_string"](user)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 149, in __call__
    return self.loader.run(run_func, *args, **kwargs)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 1228, in run
    return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs
)
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\loader\laz
y.py", line 1243, in _run_as
    return _func_or_method(*args, **kwargs)
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\utils\win_
dacl.py", line 1186, in get_sid_string
    principal = get_sid(principal)
  File "C:\Program Files\Salt Project\Salt\bin\Lib\site-packages\salt\utils\win_
dacl.py", line 1149, in get_sid
    raise CommandExecutionError("Invalid user/group or sid: {}".format(principal
))
salt.exceptions.CommandExecutionError: Invalid user/group or sid: root

[WARNING ] The group argument for C:\ProgramData\Salt Project\Salt\conf\pki\mini
on has been ignored as this is a Windows system. Please use the `win_*` paramete
rs to set permissions in Windows.
[ERROR   ] Invalid user/group or sid: root
Traceback (most recent call last):
  File "C:\Program Files\Salt Project\Salt\bin\lib\site-packages\salt\utils\win_
dacl.py", line 1146, in get_sid
    sid = win32security.ConvertStringSidToSid(sid)
pywintypes.error: (1337, 'ConvertStringSidToSid', 'The security ID structure is
invalid.')
[ERROR   ] Invalid user/group or sid: root

Passed invalid arguments: can not serialize 'CommandExecutionError' object.

Usage:

    .. versionadded:: 2015.5.0

    This function will call :mod:`state.highstate
    <salt.modules.state.highstate>` or :mod:`state.sls
    <salt.modules.state.sls>` based on the arguments passed to this function.
    It exists as a more intuitive way of applying states.

    .. rubric:: APPLYING ALL STATES CONFIGURED IN TOP.SLS (A.K.A. :ref:`HIGHSTAT
E <running-highstate>`)

    To apply all configured states, simply run ``state.apply``:

    .. code-block:: bash

        salt '*' state.apply

    The following additional arguments are also accepted when applying all
    states configured in top.sls:

    test
        Run states in test-only (dry-run) mode

    mock
        The mock option allows for the state run to execute without actually
        calling any states. This then returns a mocked return which will show
        the requisite ordering as well as fully validate the state run.

        .. versionadded:: 2015.8.4

    pillar
        Custom Pillar values, passed as a dictionary of key-value pairs

        .. code-block:: bash

            salt '*' state.apply stuff pillar='{"foo": "bar"}'

        .. note::
            Values passed this way will override Pillar values set via
            ``pillar_roots`` or an external Pillar source.

    exclude
        Exclude specific states from execution. Accepts a list of sls names, a
        comma-separated string of sls names, or a list of dictionaries
        containing ``sls`` or ``id`` keys. Glob-patterns may be used to match
        multiple states.

        .. code-block:: bash

            salt '*' state.apply exclude=bar,baz
            salt '*' state.apply exclude=foo*
            salt '*' state.apply exclude="[{'id': 'id_to_exclude'}, {'sls': 'sls
_to_exclude'}]"

    queue : False
        Instead of failing immediately when another state run is in progress,
        queue the new state run to begin running once the other has finished.

        This option starts a new thread for each queued state run, so use this
        option sparingly.

    localconfig
        Optionally, instead of using the minion config, load minion opts from
        the file specified by this argument, and then merge them with the
        options from the minion config. This functionality allows for specific
        states to be run with their own custom minion configuration, including
        different pillars, file_roots, etc.

        .. code-block:: bash

            salt '*' state.apply localconfig=/path/to/minion.yml

    .. rubric:: APPLYING INDIVIDUAL SLS FILES (A.K.A. :py:func:`STATE.SLS <salt.
modules.state.sls>`)

    To apply individual SLS files, pass them as a comma-separated list:

    .. code-block:: bash

        # Run the states configured in salt://stuff.sls (or salt://stuff/init.sl
s)
        salt '*' state.apply stuff

        # Run the states configured in salt://stuff.sls (or salt://stuff/init.sl
s)
        # and salt://pkgs.sls (or salt://pkgs/init.sls).
        salt '*' state.apply stuff,pkgs

        # Run the states configured in a more deeply nested directory such as sa
lt://my/organized/stuff.sls (or salt://my/organized/stuff/init.sls)
        salt '*' state.apply my.organized.stuff

    The following additional arguments are also accepted when applying
    individual SLS files:

    test
        Run states in test-only (dry-run) mode

    mock
        The mock option allows for the state run to execute without actually
        calling any states. This then returns a mocked return which will show
        the requisite ordering as well as fully validate the state run.

        .. versionadded:: 2015.8.4

    pillar
        Custom Pillar values, passed as a dictionary of key-value pairs

        .. code-block:: bash

            salt '*' state.apply stuff pillar='{"foo": "bar"}'

        .. note::
            Values passed this way will override Pillar values set via
            ``pillar_roots`` or an external Pillar source.

    queue : False
        Instead of failing immediately when another state run is in progress,
        queue the new state run to begin running once the other has finished.

        This option starts a new thread for each queued state run, so use this
        option sparingly.

    concurrent : False
        Execute state runs concurrently instead of serially

        .. warning::

            This flag is potentially dangerous. It is designed for use when
            multiple state runs can safely be run at the same time. Do *not*
            use this flag for performance optimization.

    saltenv
        Specify a salt fileserver environment to be used when applying states

        .. versionchanged:: 0.17.0
            Argument name changed from ``env`` to ``saltenv``

        .. versionchanged:: 2014.7.0
            If no saltenv is specified, the minion config will be checked for an

            ``environment`` parameter and if found, it will be used. If none is
            found, ``base`` will be used. In prior releases, the minion config
            was not checked and ``base`` would always be assumed when the
            saltenv was not explicitly set.

    pillarenv
        Specify a Pillar environment to be used when applying states. This
        can also be set in the minion config file using the
        :conf_minion:`pillarenv` option. When neither the
        :conf_minion:`pillarenv` minion config option nor this CLI argument is
        used, all Pillar environments will be merged together.

    localconfig
        Optionally, instead of using the minion config, load minion opts from
        the file specified by this argument, and then merge them with the
        options from the minion config. This functionality allows for specific
        states to be run with their own custom minion configuration, including
        different pillars, file_roots, etc.

        .. code-block:: bash

            salt '*' state.apply stuff localconfig=/path/to/minion.yml

    sync_mods
        If specified, the desired custom module types will be synced prior to
        running the SLS files:

        .. code-block:: bash

            salt '*' state.apply stuff sync_mods=states,modules
            salt '*' state.apply stuff sync_mods=all

        .. note::
            This option is ignored when no SLS files are specified, as a
            :ref:`highstate <running-highstate>` automatically syncs all custom
            module types.

        .. versionadded:: 2017.7.8,2018.3.3,2019.2.0

Expected behaviour

Attempts to fix the bug

Additional context

[TheBigBear]

@twangboy Shane Lee from Saltstack closed this as completed? But it is not fixed?

[mlalpho]

@TheBigBear if #554 doesn't work out you could also extend the salt formula to customize it. Or, if the user/group are set to valid windows users ?

Cheers!

[TheBigBear]

@mlalpho YES! Thanks. This fixed the issue for me. I can now run and apply the state from both the master and the minion and both complete the tasks. thanks for this fix it works for me.