Flexera agent deployment on mac devices

Asifahmed
New Contributor III

Hello Team,

Need one info: we can see Flexera agent deployment working fine when we are running the installer command with the root account enabled in CLI mode. But if I run the same command with another user account which is also an admin, I mean having sudo privilege, it doesn't work. Now my question is: is it a security violation to run the command with the root account (sudo su, which switches to the root account with CLI prompt sh-3.2#)? Apple doesn't recommend enabling the root account in GUI mode; is that valid for the root account in CLI mode, or is it OK to use the root account in CLI mode?

2 REPLIES

sonia598lewis
New Contributor

Hello @Asifahmed,
Using the root account in CLI mode is generally safer than enabling it in GUI mode, but it's still not recommended for routine tasks. Apple advises using sudo for temporary elevated privileges instead. For security, always disable the root account after use.

Best Regards,
Sonia Lewis

Hi, 

Use this method: 

1. Use Composer to drop the ManageSoft PKG installer and rollout response file in /private/var/tmp.

2. Run a post install script that has this: 

installer -verbose -pkg /private/var/tmp/ManageSoft-20.4.0.pkg -target /

 

3. Package the app. As long as the rollout response file is in the same directory as the ManageSoft PKG you should be fine. Then just run the PKG from a Jamf policy. Pretty straightforward.

 

Note: You could also run a command at the end of the post-install script to kick off inventory collection instead of waiting for the check-in.
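
The post-install script from step 2 with staging checks added, as an example that is not part of the original post or Flexera's or Jamf's own code. /private/var/tmp is writable by every local user and the script runs as root under a Jamf policy, so it refuses to install if either staged file is a symlink, is not owned by the user running the script, or is group/world-writable. The response file name and the helper function names are assumptions.

```shell
#!/bin/bash
# Added example: post-install script that checks the staged files before
# handing the package to installer(8) as root.
STAGE_DIR="${STAGE_DIR:-/private/var/tmp}"
PKG_NAME="ManageSoft-20.4.0.pkg"         # file name used in the post above
RESPONSE_NAME="mgsft_rollout_response"   # assumption: set to your response file's name

# Return 0 only if $1 is a regular file (not a symlink), owned by the user
# running this script (root under a Jamf policy), and not writable by
# group or others.
staged_file_ok() {
    f="$1"
    [ ! -L "$f" ] || return 1
    [ -f "$f" ]   || return 1
    [ -O "$f" ]   || return 1
    mode=$(ls -ld "$f" | cut -c1-10)     # e.g. -rw-r--r--
    case "$mode" in
        ?????w????|????????w?) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# Return 0 only if both the package and the response file pass the checks.
staging_ok() {
    dir="$1"
    staged_file_ok "$dir/$PKG_NAME" && staged_file_ok "$dir/$RESPONSE_NAME"
}

main() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "must run as root" >&2
        return 1
    fi
    if ! staging_ok "$STAGE_DIR"; then
        echo "staged files missing or unsafe in $STAGE_DIR" >&2
        return 1
    fi
    installer -verbose -pkg "$STAGE_DIR/$PKG_NAME" -target /
}

# Only act on macOS, where installer(8) exists.
if [ "$(uname -s)" = "Darwin" ]; then
    main
fi
```

Because the policy already executes the script as root, the interactive root account does not need to be enabled for this deployment.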