Jamf Nation Community

Asifahmed · ‎07-04-2023

I was curious to know that when I drag and drop the source of Firefox, I can see group permission is set for "wheel" and for Google Chrome group permission is set for "staff", now I dont understand one thing, if I install both apps I am able to open the apps from /applications from a user who is not the member of wheel, why?

Same thing was not working for LogMeIn Rescue app, so I changed the permission to "staff" from "wheel" and it started working. So I am confused, can anyone explain me? I am really very curious to know it.

AJPinto · ‎07-05-2023

Unless you change the permissions specifically, "everyone" has read and execute access to everything in /Applications. Ownership (root), and group access (wheel or staff in your case) just give permissions beyond "everyone" having read and execute access.

drwxrwxr-x means all users have read and execute privileges over the file. This would be written out as 755, and what JAMF Composer would show. You would want something like 750 if you don't want "everyone" to have access to the file or 754 if you won't want "everyone" to be able to execute the file.

https://www.elated.com/understanding-permissions/

Asifahmed · ‎07-05-2023

Confusion is that, when I installed another app named LogMeIn I saw the permission is set 755 with ownership group is wheel, and I tried to open the app from an user who is not the member of wheel and it doesnt open from that user account. So I changed the group permission from wheel to staff (755)and built the package and installed it again. Now I am able to open the LogMeIn app from that user as that group is the member of staff but not the member of wheel, so I am little confused if any other logic here to open the app. LogMeIn app is signed app also, any idea?

Jamf Nation Community

Permission