I'm currently testing JamfConnect in preparation for deploying across my organisation (approx 50 devices).

I'm having issues with the privilege escalation component in particular.

  • User starts the workflow as a Standard (non admin) user. User cannot execute sudo jamf recon, receives the error message "Sorry, user test.x.user is not allowed to execute '/usr/local/bin/jamf recon' as root on <hostname>". This is expected as user is still a standard non-admin user
  • User requests privilege elevation via Jamf Connect menu bar. User authenticates with Jamf Connect, provides a justification/rationale for elevation. User is now an Admin user in System Settings > Users and Groups, and menu bar shows that the user has 10 mins of elevated privileges
  • User attempts again to execute sudo jamf recon, but still receives the same error message as if they have no administrator privileges
  • User ends the privilege elevation session, they are then bumped back down to a Standard User according to Users & Groups settings menu

My MenuBar config profile contains the following:

 

<key>TemporaryUserPermissions</key>
<dict>
    <key>TemporaryUserPromotion</key>
    <true/>
    <key>UserPromotionBiometrics</key>
    <true/>
    <key>UserPromotionDuration</key>
    <integer>10</integer>
    <key>UserPromotionReason</key>
    <true/>
    <key>VerifyUserPromotion</key>
    <true/>
</dict>

Any thoughts on what may be occurring here? It seems really strange that the User & Groups system settings menu reflects the user's elevated permissions, but in reality the user does not actually get those elevated permissions...

Thanks!

Andrew
