Files and Processes Execute Command Permission Denied

MrR0g3rs
New Contributor III

Hello All,

I am trying to get Cylance to install in a prestage enrollment and have been making slow progress thanks to all of you. Cylance requires the user to put in a token when installing. I have followed this post https://community.jamf.com/t5/jamf-pro/installing-cylance-package/m-p/145087#M134146 exactly. 

Everything seems to be running when I look at the logs, however I see this error: 

Result of command:
/bin/sh: /private/tmp/Cylance/install_cylance_with_token.sh: Permission denied

If I am understanding how executing a command works it should run as root. Could this be because this solution is a little older? Does anyone have any idea how to get this script to run? Thanks in advance.

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@MrR0g3rs What did you set as the ownership and permissions of the install_cylance_with_token.sh file when you used Composer to create the .pkg for it? That error is telling you that the Jamf binary didn't have the necessary permissions to execute the script when your Files and Process command tried to run.

BTW, you might want to consider putting "Security" tools like Cylance on the Mac _after_ your other standard items are installed.

View solution in original post

3 REPLIES 3

sdagley
Esteemed Contributor II

@MrR0g3rs What did you set as the ownership and permissions of the install_cylance_with_token.sh file when you used Composer to create the .pkg for it? That error is telling you that the Jamf binary didn't have the necessary permissions to execute the script when your Files and Process command tried to run.

BTW, you might want to consider putting "Security" tools like Cylance on the Mac _after_ your other standard items are installed.

MrR0g3rs
New Contributor III

Thanks. I do have Cylance set to install on enrollment, rather than as a part of the Prestage, is that the right position in the install. So, should the permissions in Composer be set to root?

sdagley
Esteemed Contributor II

@MrR0g3rs Make sure in Composer you've given root Read and Execute permissions on that file

Another thing to ask, is are you running multiple policies at Enrollment, or do you have a single policy triggered by Enrollment that then runs a configuration script to trigger additional policies? If the former you should take a look at one of the following:

The DEPNotify app and the DEPNotify-Starter script

The swiftDialog app and @dan-snelson's script to drive it: https://snelson.us/2022/09/setup-your-mac-via-swiftdialog-1-2-7/