- Jamf Nation Community
- Products
- Jamf Pro
- Re: New users are being created with System as own...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
New users are being created with System as owner of their home folders
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-20-2018 01:00 PM
We recently deployed a set of preferences for Adobe apps. We had it packaged as a .dmg and the policy was set to run at login with an ongoing frequency. Both FUT and FEU were checked. This was scoped to around 120 Macs.
Something has gone wrong and now any user, local or AD, account that is created has System as the owner of their home folder instead of the user itself. I compared permissions on User Template folder on a working and non working Mac and they appear to be the same.
I have not been able to write a script that allows me to copy the User Template folder from one machine to another. Every time I get permissions errors...
We disabled the policy, but that did not resolve the issue. Reimaging the machine works but I am hoping to find a fix that doesn't involve that.
I can't seem to find any information about how the OS generates the default permissions for a new user folder.
Labels:
- Labels:
-
Settings and Security Management
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-20-2018 05:55 PM
I’d move away from using FUT/FEU. Script a package to write to each users plist library. It’ll save you the headache later down the road.
Just my .02c.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-20-2018 09:53 PM
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-20-2018 10:20 PM
Yes, they are plist files in the .dmg being pushed. How else would you change the default settings in applications for every user that logs in? I used Composer to snapshot before and after the preferences were set on all our standard applications.
We have a specific set of preferences for the Creative Cloud applications that we want to be defaults for every user who logs in. That involves pushing a number of .plist files to User/Library/Preferences.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-20-2018 11:53 PM
@stiermanc wrote:
How else would you change the default settings in applications for every user that logs in?
Example...
#!/bin/sh
over500=$( dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }' )
## Set User Template (FUT)
/usr/bin/defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.company.product.plist <key> <value>
/usr/bin/defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.company.product.plist <key> <value>
/usr/bin/defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.company.product.plist <key> <value>
/usr/bin/defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.company.product.plist <key> <value>
/bin/chmod -R 700 /System/Library/User Template/English.lproj/Library/Preferences/com.company.product.plist
/usr/sbin/chown root:wheel /System/Library/User Template/English.lproj/Library/Preferences/com.company.product.plist
## Set for existing users (FEU)
for u in $over500 ;
do
/usr/bin/defaults write /Users/"$u"/Library/Preferences/com.company.product.plist <key> <value>
/usr/bin/defaults write /Users/"$u"/Library/Preferences/com.company.product.plist <key> <value>
/usr/bin/defaults write /Users/"$u"/Library/Preferences/com.company.product.plist <key> <value>
/usr/bin/defaults write /Users/"$u"/Library/Preferences/com.company.product.plist <key> <value>
/bin/chmod -R 700 /Users/"$u"/Library/Preferences/com.company.product.plist
/usr/sbin/chown "$u" /Users/"$u"/Library/Preferences/com.company.product.plist
done
exit 0Not a fan of the DMG format as used by Composer...however looking forward to the day drag-install DMGs can be uploaded to Jamf Pro, to deploy stuff provided by vendors in a DMG without having to re-package.
--
https://donmontalvo.com
https://donmontalvo.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-21-2018 06:37 AM
@donmontalvo and @rqomsiya ,
have pointed you in the right direction. I'd also look at outset
to run the script(s) at login
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-21-2018 10:50 AM
I’ll give that script a shot and see if I can make it work.
Any thoughts on fixing the machines that are making system the default owner of any new home folder? I’d like to avoid reimaging a hundred machines.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-22-2018 07:33 AM
We had a similar issue with FEU as you describe. It seems that any user with a space in their username (and therefore home holder) e.g John Smith instead of john smith got permissions incorrectly assigned to the local next user WITHOUT a space. In our case it was _Sophos. Users WITHOUT a space in their home folder didn't exhibit this issue. Because all our AD users have a space in their name this issue affected any AD user. In my opinion it's a bug in JAMF Pro and I have reported it as such. Its also a potentially huge security breach. Imagine if a local user with no spaces in their name is given permission to access an AD users local files? We had to wrote a script to re-apply the correct permissions after we pushed down the preference files. NOT ideal.
