Imaging Library Permissions

georgel
New Contributor III

I've created a Base Image doesn't include any additional software just a local admin user using Composer.
Followed the steps from this article [https://www.jamf.com/jamf-nation/discussions/22840/guide-to-creating-sierra-base-image-from-a-to-z](link URL)
Issue is after it images and boots to the HD there is no desktop background and upon checking the Library folder the permissions are all wrong.
50403e7b3054449398ba259b6ee4e84c

1 ACCEPTED SOLUTION

RobertHammen
Valued Contributor II

Don't use Composer to build OS images. Use AutoDMG to build an up-to-date never-booted OS, and layer on the other apps, users, and settings you need.

View solution in original post

13 REPLIES 13

dp-it-admin
New Contributor II

I have also encountered this exact issue. Would love to see if we can find the root cause along with a simple fix.

bgwilkes
New Contributor II

Same issue here.

RobertHammen
Valued Contributor II

Don't use Composer to build OS images. Use AutoDMG to build an up-to-date never-booted OS, and layer on the other apps, users, and settings you need.

bgwilkes
New Contributor II

Ours was built with AutoDMG; it doesn't appear to be a Composer problem.
Update: Creating two identical .dmg's with AutoDMG (1.9), the apfs formatted one has this error, while the hfs+ version does not.

joey_prestidgeN
New Contributor

I also have this issue. I want to use Composer so would like the issue fixed. For now, I'll have to script a root library permissions propagation.

galionschools
Contributor

What tool are you using to lay down the image? Wasn't Deploy Studio causing permissions issues with /Library earlier this year?

rmcdonald
New Contributor III

I am getting the exact same issue using the latest AutoDMG (not beta) and two different versions of the 10.13(.1 and .5) installer.

Why was this marked as solved?

Update: I had the same issue dropping a KG dmg for 10.12.6. Both of these were dropped with a 10.13 netboot created with AutoCasperNBI. Starting to think it's the NBI, maybe asr binaries. Going to try running the new 10.13 autoDMG with a 10.12.6 netboot and see if that changes anything.

I tried running the perms script and it works in so far as correcting Library permissions but I am seeing apps like Safari become non-responsive as well so definitely would like to figure out the root cause here.

Update 2: The above gave the same results. Thinking that the Jamf Imaging tool might be causing the issue I tried the trusty diskutil from the 10.12.6 NetBoot using the 10.13 created with AutoDMG and it worked perfectly. No app issues and permissions were correct. We are currently on JAMF Pro 10.4.0. Once we update to the latest I will try again and update when I get a chance.

steveadams
New Contributor III

@rmcdonald - We’re facing this issue for the first time since upgrading to Jamf Pro 10.9. Could you expand a bit on your Update 2 please in how you used diskutil in your solution.

I’m using the latest version of AutoDMG, AutoCasperNBI. Experiencing the locked Library folder not matter what I create either a 10.12.6 or 10.13.6 base OS or NBI :( wished I could get all my machines into DEP!

ccsshelpdesk
New Contributor III

Hi any updates or ideas on the best solution for this.
As today i have has a drive falure so tried to netboot imagae to new SSD drive as i normally do to my sierra image that has worked in the past and having the same issue with locked down Libary issues.
Now I am Currentaly doing a new High Sierra Image (current iMacs have been upgraded to this from el-captian and sierra) so need any ideas on what needs to be done on AutoDMG as thats what i have been using for my images so far with no issues.

Never used composer for my images so that cannot be the issue

Using Jamf pro 10.9.0

steveadams
New Contributor III

What we had to do is to make sure the "Erase target drive" option in Jamf Imaging was enabled.

We hadnt use is previously as we found the drives were not always being formatted.
We still erase using disk utility and then make sure "Erase target drive" is ticked

ccsshelpdesk
New Contributor III

Hi @steveadams we always use this option anyway, but i am getting a bit closer to whats actaualy goin on.

Today i have had a newer mac die and it images fine with my APFS image so started investagating and came across this post:
https://www.jamf.com/jamf-nation/discussions/26281/target-mode-imaging-10-13-already-apfs

And it looks like its doing the same no matter how i format the 500gig ssd it never uses Block Copy, it only states installing Package which i did notice, so this is pointing to it not able to format erase the disk before imaging.

I have even Jamf Imaged high Sierra to a usb connected ssd drive (diffrent make) (newer iMac) and cannot get this issue to occur.
Does anyone have any scripts to fully sort the disk to APFS before imaging to resolve this issue, or how to format the disk to test this further.

cheers all

Chris_Hafner
Valued Contributor II

Question... First, are you choosing the APFS option in AutoDMG before creating the installer? Also, you need the firmware from Apple for the APFS conversion. So far as I know, there's not a *good way to script that. You've got to go through an OS isntaller process that pulls that from Apple.

*I think I've seen people downloading the firmware directly for each model needing to be imaged and at least trying to automate such a thing. In the end, we're all being pushed away from Imaging though we can still image 10.13.x in both HFS+ and APFS without these issues.

ccsshelpdesk
New Contributor III

All Macs in question have had manual updates from sierra to high sierra and some from el capatain so sholuld have has the firmware (i suppose)
Also i have tried two images with AutoDMG one created with HFS+ and one with APFS same issue on both.
But my 2018 iMacs with standard drives are imaging fine, and some old 2012 iMacs we have SSD Upgraded are imaging fine.
It only seems to be our 2014 iMacs that have the issue with the SSD Replacments. Im starting to think its down to formatting issues with the disks, but i need to pull one of the imacs in question to investagate further.
As i do recall getting strage error upon formatting/partitioning when i was messing around.

Cheers for all the advice everyone one day we will get DEP enrolment set up.