In the middle of AAMEE testing, we had to create some user accounts using a JSS policy (test1, test2, test3, test4 and test5). We used a policy:
Policy > Accounts tab > Create Accounts
Once we created the necessary accounts, we noticed a lot of the AAMEE packaged Adobe CS5 apps launched with irrecoverable errors. After some digging, we noticed the "group" attribute on the new test accounts was incorrect:
$ ls -l /Users
total 0
drwxrwxrwt 5 root wheel 170 Nov 8 12:27 Shared
drwxr-xr-x+ 14 admin staff 476 Nov 8 13:45 admin
drwxr-xr-x+ 16 test1 502 544 Nov 8 15:38 test1
drwxr-xr-x 12 test2 503 408 Oct 6 16:03 test2
drwxr-xr-x 12 test3 504 408 Oct 6 16:03 test3
drwxr-xr-x 12 test4 505 408 Oct 6 16:03 test4
drwxr-xr-x 12 test5 506 408 Oct 6 16:03 test5
I remembered that in a previous OS, when a new user is created, a matching group is created at the same time. So the "add users" function in JSS appears to use the old user:group values.
As a workaround, we added the following command to the Advanced tab that sets the group for all /Users directories to proper "staff" value. The command catches any user account that starts with lower case a-z:
Policy > Advanced > Run Command:
/usr/bin/chgrp -R staff /Users/[a-z]*
JAMF Support acknowledged the bug and said there would be a fix coming and they said it would be OK to post the issue and workaround.
Thanks,
Don
--
https://donmontalvo.com
