Posted on 06-24-2019 07:34 AM
In our Company we currently have Firefox 60.2 ESR distributed, we have AutoUpdates turned off, configured in the .cfg file.
We're now trying to turn on AutoUpdates on with an exchange of the .cfg file in the currently installed Firefox. That part works without any problems, but when actually trying to install an updated version of Firefox afterwards it will ALWAYS ask for admin privileges with the Helper Tool.
I tried it with the following permissions set for Firefox: 775 with root:wheel, root:admin, root:netaccounts. With 777 Permissions there's no prompt for a password, but it gets stuck in a loop asking to relaunch Firefox to install the Update.
Any ideas what we can do to make the update happen without the Helper Tool prompt?
Posted on 06-24-2019 08:00 AM
Unfortunately Firefox doesn't have a keystone update service like Chrome does, so I have just been building new packages each time, though we aren't using ESR.
perhaps this script may help you? https://www.jamf.com/jamf-nation/third-party-products/files/764/firefox-install-update
Here is a script from 2015 for Firefox ESR https://www.jamf.com/jamf-nation/discussions/12956/firefox-update-script#responseChild76205
Hope one of them helps! The second thread has a lot of different implementations.
Posted on 06-25-2019 01:17 AM
@mlizbeth Thank you! Yes, those would theoretically work, but we would rather just distribute Firefox with Autoupdates enabled and let the users update it themselves, less hassle for us in the long term. And a script like this wouldn't work in our environment, since we also need to include certificates with Firefox. It really bugs me that the Helper Tool pops up, disregarding of what permissions are set...
Posted on 06-25-2019 05:01 AM
@msoti This has been a thorn in my side for years now. You do have a couple of options though.
Use the CFG file to disable updates altogether and then manually push out the latest version with a package. This will stop Firefox from prompting a standard user to update, even when they can't.
Install Firefox in the user's profile Application folder ,ie, ~/Applications. We do this with SKYPE and other apps that can't update without an an admin account. This would obviously not work in lab environments. I've stopped including Firefox as a default app on all machines and just provide Safari and Chrome. Chrome is the easiest the manage out of all 3 browsers. And this includes Safari. It keeps itself updated and it's easy to push out a default set of settings and bookmarks using a Google Master Preferences file.
Posted on 06-27-2019 02:52 AM
We finally found a solution that worked! We got rid of any cck2 setting in Firefox, now managing the setting with a policies.json file and also adding the certificates with the package. To get rid of the Helper Tool prompt, we set the owner and group of Firefox to $USER:staff!
Posted on 06-16-2020 07:09 AM
@msoti We seems to be hitting the same issue with Yammer. How can we set the owner and group of Yammer to $USER:staff?
We are using Composer to create our packages and I don't see the option to set the owner to $USER. Any idea?
Posted on 06-16-2020 09:55 AM
@msoti Firefox is an example of an app in dmg that can be installed or upgraded using our install-update-app-in-dmg script with the following parameters in a Jamf Pro policy:
- Parameter 4: http://download.mozilla.org/?product=firefox-latest&os=osx&lang=en-US
- Parameter 5: Firefox.app
- Parameter 6: CFBundleShortVersionString
If Firefox is installed and open, it will prompt the user to postpone or update. You can set this policy to run once a week.
Posted on 06-17-2020 02:16 AM
@ryan.ball Great script! This actually 99% answers to our issue with Yammer. Only caveat is that you need to download the dmg to compare its version with the installed one. Thanks!
Posted on 06-17-2020 06:54 AM
@pabohr The script can be modified to check for the version first without too much trouble. Here is how you can get the latest version of Firefox:
latestVersion=$(curl -s "https://product-details.mozilla.org/1.0/firefox_versions.json" | grep "LATEST_FIREFOX_VERSION" | grep -E -o "[0-9.]+")
Posted on 10-01-2020 02:02 PM
Posted on 10-01-2020 02:19 PM
@pabohr based on what @msoti described, I figured that she's doing something similar to my script below.
#!/bin/bash
# Get logged-in user
currentUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
# Change Firefox.app owner and group
chown $currentUser:staff /Applications/Firefox.app/
Posted on 01-22-2021 05:05 AM
Posted on 01-22-2021 07:44 AM
Hey @PayFit after you run my script above, you need to move the app to ~/Applications. The user will then have permissions to manage the app. I would only advise doing this for some apps like browsers though.