Hi guys,
I am wondering if some of you guys experience the same problems as we do. We have Adobe Deployment Packages for our Imaging process. Everything works fine after installing, but I have a big permission issue as well.
Our students are pretty smart and look for folders in /Library/ where 'everyone' has write permissions. Than they search e.g. for Terminal and copy it to this folder, because my white listed pathes via MCX are:
/Library/
/Applications/
/System/
/bin/
/usr/sbin/
Blacklisted pathes via MCX for Applications:
/Applications/Utilities/
/Users/
/Library/Caches/
~/
I double checked many times the permissions on my /Library. Only directories I found where 'everyone' has write permissions are from the /Library/Application Support/Adobe/ folders.
find /Library/Application Support/ -type d -perm -o+w -exec ls -lad {} ;
drwxrwxrwt 3 root admin 102 4 Apr 16:14 /Library/Application Support//Adobe/Adobe PCD/cache
drwxrwxrwx 3 root admin 102 4 Apr 16:10 /Library/Application Support//Adobe/Bridge CS5 Extensions/Workspaces
drwxrwxrwx 2 root admin 68 4 Apr 16:10 /Library/Application Support//Adobe/Extension Manager CS5
drwxrwxrwx 6 root admin 204 4 Apr 16:14 /Library/Application Support//Adobe/SLStore
drwxrwxrwx 2 root admin 68 4 Apr 16:09 /Library/Application Support//Adobe/SLStore_v1
drwxrwxrwx 3 root admin 102 4 Apr 16:14 /Library/Application Support//regid.1986-12.com.adobeNow I restricted /Library/ as well, but this brings others issues up e.g. I cannot run SystemProfiler without entering Admin credentials.
I have no idea and googled so much, but I cannot really find a solution. Tried to remove -w- for 'everyone' on all Adobe folders. Afterwards none Adobe product could launch anymore and Adobe's support article says http://helpx.adobe.com/de/x-productkb/policy-pricing/configuration-error-cs5.html (sorry it's the German support article). But what it is saying is, you need to have rwxrwxrwx on the /Library/Application Support/Adobe/SLStore folders.
I really would like to get that fixed, so I can unrestrict running applications from /Library/ again.
Hopefully you guys can help!
Thanks,
Fab