Installer via command line

jhalvorson
Valued Contributor

This is a question about the installer command. I am trying to install a vendor's .pkg by placing it in /tmp and using a postflight script to install it. (The software is Tivoli Endpoint Manager aka BigFix Agent.)

The installer command in the postflight is working, but it's not setting the permissions for the app to be allowed by everyone. When double-clicking on the pkg, there is a point in the GUI that prompts to select to "Install for all users of this computer".

Via the Installer command, Is there a way to ensure that is enabled?

1 ACCEPTED SOLUTION

jhalvorson
Valued Contributor

Either a manual install using the vendors pkg or my remote deployment sets the /Library/BESAgent folder to 700. As for the owner, If I manually install, the owners is the current user logged in. If I remotely install, it's owned by username that has the UID of 501.

After installation, resetting the permission allows it work for any user logged in. Both the user app and the process run as properly when I do the following:

chown -R root:wheel /Library/BESAgent
chmod -R 755 /Library/BESAgent

I am concerned because the vendor's permission are not right even when I simply click on the pkg and select the option to allow all users to use the application. (Tested on both 10.7.5 and 10.8.2) It's a case of knowing how to fix it, but is there a reason they don't want root:wheel and 755. Waiting to hear back from IBM about their product.

In order to install the pkg, a "masthead" config file has to be in the same directory. I could do a Composer - normal snapshot capture, but since the change on how to deploy Acrobat flash 11.5, I am really liking and trusting the process of placing the OEM installer into the /tmp folder and using the Installer command. (Might just be a false case of warm and fuzzies.)

Thanks for the other suggestions. I'll look into them.

------Jan 10, 2013 Follow up -----
IBM Support admitted this is a known issue with the 8.2.1322 installer and said it could be resolved after installation by the following command:

chown -f -R root:wheel /Library/BESAgent chmod -f -R go-wx /Library/BESAgent chmod -f -R go+x /Library/BESAgent chown -f -R root:wheel "/Library/Application Support/BigFix/BES Agent"

I added my own flavor of the above to the postflight script and now the BESAgent is working.

View solution in original post

7 REPLIES 7

jarednichols
Honored Contributor

What's the app's umask and owner/group? Seems like a simple chown/chmod may do what you're after.

donmontalvo
Esteemed Contributor III

@jhalvorson Might want to post this to the Apple Installer-Dev list.

https://lists.apple.com/mailman/listinfo/installer-dev

--
https://donmontalvo.com

justinrummel
Contributor III

this might be the flag you need. A little more google searching would confirm yes or no.

man installer

A list of flags and their descriptions: -dominfo Displays a list of domains into which the software package can be installed. For example: LocalSystem or CurrentUserHomeDirectory. The domains listed are those which are available and enabled when the command is run.

mm2270
Legendary Contributor III

So, is there a reason you're trying to install the package that way as opposed to just dropping the pkg into Casper Admin as is, and deploying it? There may be a very good reason, but just asking.
I assume when the installer asks if you want it installed for all users, its probably just placing some of the application support files in the main Library folder as opposed to the current user's Library, but not sure. I've never seen a case where an app installed to /Applications didn't have permissions set for all users on the Mac to launch it. But... it could just be a badly developed package install.

wbs75
New Contributor

source http://bigfix.me/cdb/fixlet/163

prefetch BESAgentUpgrade.dmg sha1:0b3bf36e78ff4b9fa4619e16b850e5bbc6ef1918 size:9522353 http://software.bigfix.com/download/bes/81/BESAgent-8.1.634.0-BigFix_MacOSXUpgrade.dmg
delete /tmp/BESAgentUpgrade.dmg
continue if {9522353 < free space of drive of folder "/tmp"}
copy __Download/BESAgentUpgrade.dmg /tmp/BESAgentUpgrade.dmg 
wait hdiutil attach -quiet -private -mountpoint "/tmp/bfclientmnt" /tmp/BESAgentUpgrade.dmg
wait rm -rf "/tmp/TivoliEndpointManager.pkg"
wait cp -r "/tmp/bfclientmnt/TivoliEndpointManager.pkg" "/tmp/TivoliEndpointManager.pkg"
wait /bin/sh -c "hdiutil detach -force `mount | grep /tmp/bfclientmnt | cut -f 1 -d  | cut -f 3 -d / | head -1`"
delete /tmp/BESAgentUpgrade.dmg
// The following line may show as Failed if the command executes a restart of the client - This is normal behaviour on success
wait /bin/sh -c "trap '' 15; installer -pkg /tmp/TivoliEndpointManager.pkg -target /"

jhalvorson
Valued Contributor

Either a manual install using the vendors pkg or my remote deployment sets the /Library/BESAgent folder to 700. As for the owner, If I manually install, the owners is the current user logged in. If I remotely install, it's owned by username that has the UID of 501.

After installation, resetting the permission allows it work for any user logged in. Both the user app and the process run as properly when I do the following:

chown -R root:wheel /Library/BESAgent
chmod -R 755 /Library/BESAgent

I am concerned because the vendor's permission are not right even when I simply click on the pkg and select the option to allow all users to use the application. (Tested on both 10.7.5 and 10.8.2) It's a case of knowing how to fix it, but is there a reason they don't want root:wheel and 755. Waiting to hear back from IBM about their product.

In order to install the pkg, a "masthead" config file has to be in the same directory. I could do a Composer - normal snapshot capture, but since the change on how to deploy Acrobat flash 11.5, I am really liking and trusting the process of placing the OEM installer into the /tmp folder and using the Installer command. (Might just be a false case of warm and fuzzies.)

Thanks for the other suggestions. I'll look into them.

------Jan 10, 2013 Follow up -----
IBM Support admitted this is a known issue with the 8.2.1322 installer and said it could be resolved after installation by the following command:

chown -f -R root:wheel /Library/BESAgent chmod -f -R go-wx /Library/BESAgent chmod -f -R go+x /Library/BESAgent chown -f -R root:wheel "/Library/Application Support/BigFix/BES Agent"

I added my own flavor of the above to the postflight script and now the BESAgent is working.

donmontalvo
Esteemed Contributor III

@jhalvorson One of the things we've focussed on for the past few years is reaching out to vendors to show them how their installer package has faults that need to be fixed (Adobe, Parallels, EnCase, Eracent, EFI, AtHoc, etc.)...most of the time they're receptive and they turn around a proper package in a good amount of time. Of course if you've got a huge product like Creative Suite, it takes longer, but they're making excellent progress. :D

It stinks that IBM is distributing a non-silent package, but my guess is they have in house developers that need a bit of hand holding. Just an FYI, if you open a ticket and request a call with their in house Mac dev team, they might surprise you with a fix. So the package can be deployed with the right permissions, and for all users, silently without having to touch the machines. :)

Don

--
https://donmontalvo.com