How do I change any /etc/...conf file I want via script in Self Service?

kdean
New Contributor III

I am trying to change the /etc/krb5.conf file. I have specific settings that I can't share... what I did was create a policy, under files and processes I put vi /etc/krb5.conf and the bash script I need run to change these settings. Did I do this right?

1 ACCEPTED SOLUTION

ThijsX
Valued Contributor
Valued Contributor

@kdean on your own mac do the following, it is pretty easy.

  • Create your correct krb5.conf config file
  • copy/replace the new krb5.conf file to /etc/
  • Start in this case Composer.app
  • Drag and drop the /etc/krb5.conf file to composer
  • Make sure to set correct permissions in composer
  • Create PKG and test and distribute to your fleet
  • Roll out the PKG via Self Service, or the way you prefer.

This can be done on various ways, scripts that pulls down the file from a public share oi. Packages with copy/replace scripts

Cheers

View solution in original post

12 REPLIES 12

DTIC_Macintosh
New Contributor

removed

ifbell
Contributor

Actually you want to create your script in the editor of your choice or within computer management/scripts/new. If you want you can upload the script you created into JAMF via JAMF admin. Then within your policy go to scripts and add your script there.

kdean
New Contributor III

@ifbell I created the script in the editor of choice, I uploaded the script via JAMF Admin, but it is not changing the /etc/krb5.conf on the machine I scoped it to, I put vi /etc/krb5.conf under files and processes. I even put sudo vi .... and neither worked.

merps
Contributor III

@kdean Does the script do what you want when you run it locally on the system with sudo sh /path/to/script.sh?

If so, you should be able to go to your policy and use the Scripts payload. Choose your script (leaving it set to After should be fine).

Once you have the script payload in your policy, you can remove the item from files & processes.

kdean
New Contributor III

@merps What if I just want to replace the /etc/krb5.conf file without creating a script to replace it. Currently these machines have a blank /etc/krb5.conf file, is there a way to just have this file uploaded to each machine that runs the script from Self Service?

ooshnoo
Valued Contributor

@kdean Did you find a solution to this?

ThijsX
Valued Contributor
Valued Contributor

@kdean on your own mac do the following, it is pretty easy.

  • Create your correct krb5.conf config file
  • copy/replace the new krb5.conf file to /etc/
  • Start in this case Composer.app
  • Drag and drop the /etc/krb5.conf file to composer
  • Make sure to set correct permissions in composer
  • Create PKG and test and distribute to your fleet
  • Roll out the PKG via Self Service, or the way you prefer.

This can be done on various ways, scripts that pulls down the file from a public share oi. Packages with copy/replace scripts

Cheers

joshsw
New Contributor II

I do exactly what you are looking do. I use the steps @txhaflaire describes to deploy mine. Works great.

kdean
New Contributor III

@txhaflaire thank you for this. This makes more since to me now. I was trying to upload the script directly to Jamf Admin before putting it through Composer. That makes sense now. I really didn't understand why we were doing that in Jamf training. It seems sometimes I can put a script directly into Admin and then run a policy and it works. So I am assuming that if it involves machine settings it has to be run through Composer then Admin and then assign to policy etc? I probably didn't say that the most eloquently lol

kdean
New Contributor III

@txhaflaire also, what permissions would you assign to the krb5.conf file? I am thinking 755 or 777 but I am not sure.

mschroder
Valued Contributor

644 is the correct mode for krb5.conf. Group and Others should not have write access, nobody need execution permissions.

kdean
New Contributor III