Jamf Nation Community

endor-moon · ‎05-23-2014

I'm trying to make the transition from DeployStudio monolithic imaging to Casper imaging (both thin and not). Part of our normal monolithic image with DeployStudio are some LaunchDaemons that live in /Library/LaunchDaemons. I have a couple of questions. First of all, I notice that unless I use a command-line text editor and save the plist directly I always end up with some sort of file attribute (signified by the @ sign below) that I can't seem to clear with chmod -RN. (I put a couple of x characters where our college name normally appears):

sh-3.2# ls -la
total 72
drwxr-xr-x 11 root wheel 374 23 May 09:31 .
drwxr-xr-x+ 71 root wheel 2414 22 May 14:36 ..
-rw-r--r--@ 1 root wheel 490 23 May 09:31 ca.xxxcollege.clean-warn.plist
-rw-r--r--@ 1 root wheel 481 23 May 09:31 ca.xxcollege.clean.plist
-rw-r--r--@ 1 root wheel 383 23 May 09:31 ca.xxcollege.postimage.plist
-rw-r--r--@ 1 root wheel 493 23 May 09:31 ca.xxcollege.reboot-warn.plist
-rw-r--r--@ 1 root wheel 482 23 May 09:31 ca.xxcollege.reboot.plist

My second question is, how do I package these? I'm guessing I have to log into the GUI as root, is that how others are doing this? (Composer won't let me navigate to the target folder.)

Such a helpful community here. Thanks in advance.

mm2270 · ‎05-23-2014

/Library/LaunchDaemons is a readable directory by everyone on the system, so you should not need to log into the GUI as root to be able to drag those over into Composer.
As for the "@" in the listings, that indicates some extended attributes are present on the files. Use xattr to list those attributes on them, like this-

xattr /Library/LaunchDaemons/ca.xxxcollege.clean-warn.plist

It will list any attributes on the files.
You can delete all extended attributes on a file using:

xattr -c /path/to/file

My suggestion though would be to use an application designed to create launchd files such as Lingon or LaunchControl. These applications make certain the format is correct as well as all the permissions and ownership on them.
Barring the above, use a text editor like TextWrangler (free on the MAS)

HTH

View solution in original post

mm2270 · ‎05-23-2014

/Library/LaunchDaemons is a readable directory by everyone on the system, so you should not need to log into the GUI as root to be able to drag those over into Composer.
As for the "@" in the listings, that indicates some extended attributes are present on the files. Use xattr to list those attributes on them, like this-

xattr /Library/LaunchDaemons/ca.xxxcollege.clean-warn.plist

It will list any attributes on the files.
You can delete all extended attributes on a file using:

xattr -c /path/to/file

My suggestion though would be to use an application designed to create launchd files such as Lingon or LaunchControl. These applications make certain the format is correct as well as all the permissions and ownership on them.
Barring the above, use a text editor like TextWrangler (free on the MAS)

HTH

endor-moon · ‎05-23-2014

mm2270: Thanks for the command to clear extra attributes; that will save some time. Since I couldn't figure out how to create the package using a drag and drop method with Composer, I did a snapshot before and after and deleted the extraneous information.

rmanly · ‎05-27-2014

I would NOT recommend clearing ALL attributes willy nilly.

xattr -d some.attribu.te some.file

Will delete just the attribute you specify.

To see what the attribute is you can use:

ls -l@

Most likely these are com.apple.FinderInfo so something like

for plist in ./*.plist; do
    xattr -d com.apple.FinderInfo "${plist}"
done

Will clear them.

JPDyson · ‎05-27-2014

@rmanly Can you explain why? In what case does an extended attribute actually contain anything pertinent, particularly to a launch daemon?

chris_kemp · ‎05-27-2014

I suspect that they probably aren't important, given what you've told us so far - of course, it can't hurt to look first. :-) I've created a few LaunchDaemons for our installations, and as long as they are owned by root/wheel and have proper file permissions they were just fine, and had no extented attributes. (FWIW, I probably did them in vi...)

JPDyson · ‎05-27-2014

I think vi is the reason they lacked extended attributes. In the cases where I've used GUI editors, I often get them. In either case, two things are true:

I've seen a LaunchDaemon NOT work until ALL attributes were removed, and then it worked
Extended attributes, by definition, do not modify the content of the file. It's just metadata that isn't used by the file system. Sure, the OS could be designed to store pertinent information here, but it's bad design (pretty sure it's implemented as forks in OS X).

rmanly · ‎05-27-2014

It is true that in this particular case it is probably perfectly safe to delete all the xattr data. There are still cases where the xattr actually does point to real, valid, Resource Forks. I still run into this every year with fonts…yes, in 2014…it sucks :P

Why use a hatchet to go chopping about when a scalpel is just as good?

Suggesting things like ```
xattr -c -r ./
or
rm -rf *
``` is not good for the less experienced who will Google about and do things without understanding all the possible issues. Like deleting all the colored tags a user set up to find folders easily.

scottb · ‎05-27-2014

interestingly, all of the xattr I've seen on older LD's have been "apple quarantine". So I don't know if it's Xprotect or some other Apple process at work there. I found a few of those that were inherited on older test Macs that were better removed.

Jamf Nation Community

LaunchDaemon questions