Adobe Plug-ins Require Admin Privileges.

TylerC
New Contributor III

Hello, I have users who have to turn on and off plugins for Adobe products. The plugins reside in the Application and thus require admin privileges in order to modify. I do not want to give users full admin privilege. Is there anyway I can push something out that would give them the ability to modify this folder?

10 REPLIES 10

thoule
Valued Contributor II

What do you mean to turn a plugin on or off? Within a browser? How does the user turn a plugin on or off if they do have admin rights? Then we can help you automate that through Self Service.

TylerC
New Contributor III

Adobe products such as Illustrator have plugins, sometime 3rd party ones.

Ie... BPT Pro
http://www.baby-universe.co.jp/en/plug-in/bpt-pro4/

mm2270
Legendary Contributor III

Make a script that collects the contents of the Adobe Plug-ins folder and pops up a list, like an Applescript list (window) or maybe use cocoaDialog for it. They can select the plug-in or plug-ins they'd like to disable and the script could move them into a "Plug-ins (Disabled)" folder. Have it run via Self Service and it can do this with admin rights for the user.

You'd probably need to prompt them at first on which "action" they want to take, like "Disable Plug-ins" or "Enable Plug-ins" so they can reverse the changes later if needed.

TylerC
New Contributor III

Hello, I do not know how to write scripts. Any way to do this with out scripts?

mm2270
Legendary Contributor III

The only other thought I have is, you could possibly modify the permissions on the actual Plug-ins folders to make them world read/write, so any user can modify them. That should allow non admin users to move item in and out of those directories. The only thing I don't know is if those permissions will get overwritten later with any new plug-in installs.
Even here though, you'd want to use a shell command to push to these Macs to make those changes so you don't need to touch every machine manually, so in a way you're looking at "scripting", but this would be much simpler in approach.

TylerC
New Contributor III

I looked before for some help with plugins and did not find any posts that were a similar scenario. Is there any template or already created script out there that I may be missing?

bpavlov
Honored Contributor

Adobe plug-ins, extensions, etc. are a pain to deal with. Unfortunately, each plug-in will have different install instructions. Some put components in the Plug-in folders for the app in question, others go in /Library/Application Support/Adobe/.... And then things may change depending on the version of Adobe CC you are using. I recommend trying to re-package the plug-ins where possible and making them available via Self Service. Otherwise take requests as they come in and handle them on a case by case basis. I know it's not what you want to hear.

If you did want to change ownership and permissions on a path, you could make sure of the chown and chmod. However as has already been stated you'd be getting into scripting.

TylerC
New Contributor III

I have a basic familiarity with unix terminal commands. Could I just deploy a command using chmod to change the permission of that folder? I do have ARD.

TylerC
New Contributor III

Anyone able to tell me the chmod command that would accomplish this?

mm2270
Legendary Contributor III

As I don't have any current Adobe CC or CS apps installed, I don't know the exact paths to the Plug-ins folders. I'm not sure if they've changed since I last worked with them. But, assuming for a moment, a path is something like

/Applications/Adobe/Adobe Illustrator/Plugins.localized

The command you'd be looking at could be something like this:

/bin/chmod -R 777 /Applications/Adobe/Adobe Illustrator/Plugins.localized

Of course, the above needs to be done as root or with sudo to have any effect. The 777 is a POSIX notation which essentially means its being set to full Read/Write privileges to Owner, Group and Everyone (World) This will ensure that any user on the Mac can make changes to that folder and its contents.

Some folks would balk at doing a full 777 recursively thru that directory, and they'd be right. Its not best practice as it then opens up that folder to be modified by anything and anyone on the system, including any nefarious processes like malware. Permissions are there to protect things from unwanted modifications for good reason. So do this at your own risk.

A slightly better alternative would be to change the group membership to a local group that all your users are part of, or confirm if its already set to one, maybe "staff" or something, then change the permissions to 775, which would give the owner and group full read/write, but Everyone or other would remain at read and execute only.