Jamf Nation Community

SKizale · ‎04-03-2023

Hi all,

Has anyone figured out how to allow Terminal to update or delete other applications (see screenshot) using Jamf Pro? I recently noticed this needed permission when deploying a bash script to update the Egnyte Desktop Core app with Jamf Pro. I tried using Privacy Preferences Policy Control to enable this automatically with no success.

4-3-23 at 2.45PM.png

AJPinto · ‎04-03-2023

You should not need to give terminal permissions to modify other applications.

What is the result of your script?
Can you share the script you are using to update the application?

SKizale · ‎04-03-2023

My script fails when deploying it automatically on reoccurring check-in, but it works fine through the Self-Service app or if I enable Terminal to modify or delete applications. The script also works if no previous version of Egnyte is installed, but when trying to update the app to a newer version using the same script, it fails. Here is my script,

#!/bin/bash

#Kill running app
pkill Egnyte

# Download the Egnyte DMG file
curl -o ~/Downloads/Egnyte_0.5.0_2028.dmg https://egnyte-cdn.egnyte.com/desktopapp/mac/en-us/0.5.0/Egnyte_0.5.0_2028.dmg?_ga=2.162962236.10346...

# Mount the Egnyte DMG file
hdiutil attach ~/Downloads/Egnyte_0.5.0_2028.dmg

# Copy the Egnyte app to the Applications folder
cp -R "/Volumes/Install Egnyte/Egnyte.app" /Applications/

# Unmount the Egnyte DMG file
hdiutil detach "/Volumes/Install Egnyte"

# Delete .dmg file
rm ~/Downloads/Egnyte_0.5.0_2028.dmg

# Launch Egnyte.app
open /Applications/Egnyte.app

AJPinto · ‎04-03-2023

I dont think JAMF uses Terminal to run scripts. JAMF dumps scripts in /Library/Application Support/JAMF/tmp and JAMF invokes the interpreter directly to run the script.

Using ~/ in JAMF scripts usually does not work very well as JAMF run scripts as Root. If you want it to go in to the users download folder I would suggest using a variable for that. Granted this would fail if no one is logged in, so coming up with your own temp directory or using macOS's temp directory /tmp (or echo $TMPDIR if you are feeling brave) would be best.

#!/bin/bash

loggedInUser=$(/usr/bin/who | awk '/console/{ print $1 }')

#Kill running app
pkill Egnyte

# Download the Egnyte DMG file
curl -o /Users/$loggedInUser/Downloads/Egnyte_0.5.0_2028.dmg https://egnyte-cdn.egnyte.com/desktopapp/mac/en-us/0.5.0/Egnyte_0.5.0_2028.dmg?_ga=2.162962236.10346...

# Mount the Egnyte DMG file
hdiutil attach /Users/$loggedInUser/Downloads/Egnyte_0.5.0_2028.dmg

# Copy the Egnyte app to the Applications folder
cp -R "/Volumes/Install Egnyte/Egnyte.app" /Applications/

# Unmount the Egnyte DMG file
hdiutil detach "/Volumes/Install Egnyte"

# Delete .dmg file
rm /Users/$loggedInUser/Downloads/Egnyte_0.5.0_2028.dmg

# Launch Egnyte.app
open /Applications/Egnyte.app

Jamf Nation Community

Allow Terminal to update or delete other applications