Posted on 04-17-2014 06:33 AM
When you capture an app and it puts stuff in the logged in user's folder, what's the best practice to set teh owner group to, since you will be using FUT.
Meaning, /Users is root:admin. and then the actual /Users/Admin folder is owned by Admin:whateveritis. Is it best practice to leave teh Admin:whateveritis set or propagate the root:admin from /Users?
Posted on 04-17-2014 07:15 AM
In our case, the group is staff, and FUT/FEU keeps the staff group. This has worked well in the couple of instances where we need it.
Posted on 04-17-2014 07:25 AM
so don't propagate from /Users down?
Posted on 04-17-2014 07:49 AM
I gotten into doing the propagate for the Users folder, and it works as well. Mainly I do it for Users since I need to do that for Applications, and as I am working on explaining this to others, it is easier to just tell them they need to do the propagate tights for all of the base folders.
Posted on 04-17-2014 08:48 AM
Yeah, I do root:admin on the actual users home folder on down, same as /Users
Posted on 04-18-2014 07:59 AM
We create all DMG's like this under our Administrator account, this is on all ours macs.
I just leave the perms as-is, when using FUT or FEU's it seems to correct the perms.
Posted on 04-21-2014 05:59 AM
In my testing, the permissions on the files that will be filled are irrelevant; permissions are apparently set during installation (if installed by Casper).
Posted on 04-21-2014 07:48 AM
Correct, when the binary copies it to the user template or to the existing users home directory it should inherit permissions properly. The most important part about ANY packages that have FUT/FEU is that you don't have more than one user home directory in it as the binary will take whatever the first one it finds to apply the settings. At least that was the behavior. We try to make sure we use the same username account for user files for all packages. We set permissions in packages just because it's cleaner (OCD) to have valid accounts on files all the time.