I had a support ticket recently where a user reported that they couldn’t update any packages they had installed in the TeX Live Utility, and I wanted to post here in case anyone was searching around for a solution. The large majority of our users don’t have local administrator rights on their Macs, so I wanted to find a solution where they could update their packages within the program without being prompted for administrator credentials.
The solution is to create a Jamf policy to install MacTeX (of which TeX Live Utility is included) via Installomator and make this installable via Self Service.
General > Display Name: MacTeX Latest
Category: Utility
Trigger: <Leave Blank>
Execution Frequency: Ongoing
Scripts: installomator.sh and Tex Live Utility Script (see below)
Scope: As desired, but I elected to make this available to ‘All Computers’
Self Service: Choose a Display Name and short Description. I then checked the Utility category.
User Interaction > Complete Message: MacTeX has been installed successfully
…and then add the following script to the Jamf policy (feel free to copy and paste it directly):
Display Name: Tex Live Utility Script
Category: Utility
Notes: Script to allow user to update packages themselves
#!/bin/bash
########################################################################
# Enable User-Level TeX Live Updates
# Author: Mark Mahabir
# Purpose:
# Allow standard users to update TeX Live packages via TeX Live Utility
# without requiring administrator credentials.
########################################################################
# Jamf passes the logged-in user as $3 (if configured)
CURRENT_USER="$3"
# Fallback method if $3 is empty
if [[ -z "$CURRENT_USER" || "$CURRENT_USER" == "root" ]]; then
CURRENT_USER=$(stat -f %Su /dev/console)
fi
echo "Current logged in user: $CURRENT_USER"
# Exit if no valid user
if [[ -z "$CURRENT_USER" || "$CURRENT_USER" == "root" ]]; then
echo "No valid logged-in user detected. Exiting."
exit 0
fi
########################################################################
# VARIABLES
########################################################################
TEXLIVE_ROOT="/usr/local/texlive"
TEXLIVE_GROUP="texliveusers"
########################################################################
# CREATE GROUP (if it doesn't exist)
########################################################################
if ! dscl . -read /Groups/"$TEXLIVE_GROUP" &>/dev/null; then
echo "Creating group: $TEXLIVE_GROUP"
dseditgroup -o create "$TEXLIVE_GROUP"
else
echo "Group $TEXLIVE_GROUP already exists"
fi
########################################################################
# ADD USER TO GROUP
########################################################################
if id -Gn "$CURRENT_USER" | grep -qw "$TEXLIVE_GROUP"; then
echo "User $CURRENT_USER is already in $TEXLIVE_GROUP"
else
echo "Adding $CURRENT_USER to $TEXLIVE_GROUP"
dseditgroup -o edit -a "$CURRENT_USER" -t user "$TEXLIVE_GROUP"
fi
########################################################################
# VERIFY TEX LIVE INSTALLATION
########################################################################
if [[ ! -d "$TEXLIVE_ROOT" ]]; then
echo "TeX Live directory not found at $TEXLIVE_ROOT"
exit 0
fi
########################################################################
# APPLY PERMISSIONS
########################################################################
echo "Applying group ownership to $TEXLIVE_ROOT"
chgrp -R "$TEXLIVE_GROUP" "$TEXLIVE_ROOT"
echo "Granting group write permissions"
chmod -R g+w "$TEXLIVE_ROOT"
echo "Setting setgid on directories (preserve group ownership)"
find "$TEXLIVE_ROOT" -type d -exec chmod g+s {} \;
########################################################################
# OPTIONAL: RESTRICT PERMISSIONS SENSIBLY
########################################################################
# Ensure world-write is NOT enabled (security hygiene)
echo "Removing world-write permissions"
chmod -R o-w "$TEXLIVE_ROOT"
########################################################################
# FINAL OUTPUT
########################################################################
echo "TeX Live permissions successfully configured."
echo "Users in '$TEXLIVE_GROUP' can now update packages without admin rights."
exit 0You should then find that users can update all packages via Actions > Update all packages without being prompted for a administrator password.
Please let me know in the comments how you get on!