I'm basically trying to achieve running the Unreal4 Engine on our macs here at school.
I initially got the program to work by simply granting permissions to a few folders. These were the folders.
Now, when the students access textures and such, it needs access to a whole lot of other folders, the user is given a "You do not have permission to launch X" error
You can see in my screen shot, I'm starting to add way to much stuff, when really, I'm just trying to grant full read access from
/Users/Shared/UnrealEngine/ - (Currently still need to specify specific exact folders, they dont inherit permissions from this level)
Attached is a screen shot of the policy. Nothing else is scoped out to the device.
How does your school system block and unblock games/applications? In addition to the how, what is their primary purpose in doing so? That can have a big effect on the ways you SHOULD blacklist/whitelist apps and app locations.
There are many ways to skin this particular cat!
Working on it this as we speak guys.
Firstly will try packaging the program with proper read/write access.
Next I'll try the wildcard.
Thanks - Will update you!
I've tried the wildcard, unfortunately this doesn't push down permissions to the subfolders.
I've also tried packaging the program with full read access, but the above profile is still blocking the subfolders.
Any ideas? I know a sudo chmod 777 would work however the students would then have too much access.
Funny question... how do you KNOW that a 'sudo chmod 777' will work. If the profile is blocking said sub folders then all the things your doing to the permissions aren't going to matter. At least I don't think they would. What are the restrictions that you have set?
P.S> Have you contacted JAMF support?
No other profiles scoped to the machine. Do you guys think it may be the 'Restrict which apps are allowed to launch' tickbox?
I actually dont know the chmod777 would work, just an assumption. I'll test.
Thanks for the ongoing support
I now ran a config profile with an unticked Restrict which apps are allowed to launch tickbox. It now works, but now the students could potentially run any app, game etc. So I'm not sure this is a complete solution. Does anyone have anything further?
What are you specifically trying to prevent? Students shouldn't be able to just install anything without an administrative password. OK, so MAS apps are different but those can be sorted out with the check box in your picture above "Restrict App Store to Software Updates Only".
And yes, I'm probably missing much about your situation.