Unable to install macOS 11.x updates if initiated from a standard user account

bmack99
Contributor III

We are piloting macOS 11 in our environment and are running into a multitude of issues. One of which is updating the OS. If the update is initiated from a standard user account(or if jamf policy kicks off the softwareupdate and the logged in user is NOT an admin) then the update fails to install.

/var/log/install.log reveals an issue copying the BaseSystem.dmg to the update volume because of a permission issue to Recovery:

 

 

 

2021-07-22 11:35:18-05 WKSMACJAMFTEST softwareupdated[289]: Apply failed with: Error Domain=SUMacControllerError Code=7760 "[SUMacControllerErrorApplyFailed=7760] Failed to perform Apply operation: [MobileSoftwareUpdateErrorDomain(MSU):MSU_ERR_APPLY_FAILURE(17)_1_NSCocoaErrorDomain:513_2_NSPOSIXErrorDomain:1]" UserInfo={NSLocalizedDescription=Failed to apply the software update. Please try again., SUMacControllerErrorIndicationsMask=0, NSDebugDescription=[SUMacControllerErrorApplyFailed=7760] Failed to perform Apply operation: [MobileSoftwareUpdateErrorDomain(MSU):MSU_ERR_APPLY_FAILURE(17)_1_NSCocoaErrorDomain:513_2_NSPOSIXErrorDomain:1], NSUnderlyingError=0x7f989a3e3d80 {Error Domain=MobileSoftwareUpdateErrorDomain Code=17 "Failed to copy update BaseSystem.dmg to the update volume." UserInfo={NSUnderlyingError=0x7f989a326780 {Error Domain=NSCocoaErrorDomain Code=513 "“BaseSystem.dmg” couldn’t be copied because you don’t have permission to access “recovery”." UserInfo={NSSourceFilePathErrorKey=/System/Volumes/Update/softwareupdate.2471.lOIpGf/source/Restore/BaseSystem.dmg, NSUserStringVariant=(
    ), NSDestinationFilePath=/System/Volumes/Update/softwareupdate.2471.lOIpGf/recovery/BaseSystem.dmg, NSFilePath=/System/Volumes/Update/softwareupdate.2471.lOIpGf/source/Restore/BaseSystem.dmg, NSUnderlyingError=0x7f989a34a5a0 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}}, NSLocalizedDescription=Failed to copy update BaseSystem.dmg to the update volume., target_update=20G71}}}
 

 

 

  Anyone else seeing anything similar and or may know what I need to do to correct this? NONE of our users have local admin any longer.

3 REPLIES 3

emptypony61
New Contributor III

We have it run in a policy for incremental weekly. Two parts One is the Software Update Policies and the other is a Execute command. 

 

Screenshot

Under file and processes> Execute Command "softwareupdate -i -a"

bmack99
Contributor III

I guess I should follow up on this thread since I created it. This issue turned out to be a bug with the PAM software we were using (Cyberark v11.8). Once upgraded the macOS update issues ceased.