Jamf Nation Community

obi-k · ‎07-13-2022

Hi there,

Some Adobe Lightroom users are seeing the permissions error below when launching the application on Monterey. Adobe provided fixes here. A script sets the permissions correctly.

If we follow the instructions by downloading the shell script, dragging it into the Terminal window, and executing it under the current user with the issue, the problem is resolved.

If the same script is uploaded to Jamf and run, the script tries to correct the root user and not the user logged in. The policy errors out with return code 1.

Here are the script and the log results.

LightroomCorrectPermission.sh

#!/bin/bash
# reclaim Inactive memory due to memory leaks by Jenkins

echo === `date`

id=`id -u -nr`

home=/Users/$id

declare -a arr=( "Documents/Adobe/" "Library/Preferences/Adobe/" "Library/Caches/Adobe/" "Library/Application Support/Adobe/" )

for i in "${arr[@]}"
do
echo "----------------------------------"
echo "Process folder: $home/$i"

echo "Restore owner: sudo chown -R $id $home/$i"
sudo chown -R $id "$home/$i"

echo "Restore read/write permission: chmod -RL +rwX $home/$i"
chmod -RL +rwX "$home/$i"

echo "Remove ACL: chmod -RN $home/$i"
chmod -RN "$home/$i"
done

Log in Jamf:

Script result: === Tue Jul 12 14:37:52 EDT 2022
---------------------------------- Process folder: /Users/root/Documents/Adobe/ Restore owner: sudo chown -R root /Users/root/Documents/Adobe/ chown: /Users/root/Documents/Adobe/: No such file or directory Restore read/write permission: chmod -RL +rwX /Users/root/Documents/Adobe/ chmod: /Users/root/Documents/Adobe/: No such file or directory Remove ACL: chmod -RN /Users/root/Documents/Adobe/ chmod: Failed to clear ACL on file /Users/root/Documents/Adobe/: No such file or directory ---------------------------------- Process folder: /Users/root/Library/Preferences/Adobe/ Restore owner: sudo chown -R root /Users/root/Library/Preferences/Adobe/ chown: /Users/root/Library/Preferences/Adobe/: No such file or directory Restore read/write permission: chmod -RL +rwX /Users/root/Library/Preferences/Adobe/ chmod: /Users/root/Library/Preferences/Adobe/: No such file or directory Remove ACL: chmod -RN /Users/root/Library/Preferences/Adobe/ chmod: Failed to clear ACL on file /Users/root/Library/Preferences/Adobe/: No such file or directory ---------------------------------- Process folder: /Users/root/Library/Caches/Adobe/ Restore owner: sudo chown -R root /Users/root/Library/Caches/Adobe/ chown: /Users/root/Library/Caches/Adobe/: No such file or directory Restore read/write permission: chmod -RL +rwX /Users/root/Library/Caches/Adobe/ chmod: /Users/root/Library/Caches/Adobe/: No such file or directory Remove ACL: chmod -RN /Users/root/Library/Caches/Adobe/ chmod: Failed to clear ACL on file /Users/root/Library/Caches/Adobe/: No such file or directory ---------------------------------- Process folder: /Users/root/Library/Application Support/Adobe/ Restore owner: sudo chown -R root /Users/root/Library/Application Support/Adobe/ chown: /Users/root/Library/Application Support/Adobe/: No such file or directory Restore read/write permission: chmod -RL +rwX /Users/root/Library/Application Support/Adobe/ chmod: /Users/root/Library/Application Support/Adobe/: No such file or directory Remove ACL: chmod -RN /Users/root/Library/Application Support/Adobe/ chmod: Failed to clear ACL on file /Users/root/Library/Application Support/Adobe/: No such file or directory

Error running script: return code was 1.

jamf-42 · ‎07-13-2022

script runs as root, your 'id' command is getting root user.. you want logged in user, plus your variable is the same name as the command..

currUser=$(ls -l /dev/console | awk '{print $3}')

View solution in original post

Tribruin · ‎07-13-2022

As you mentioned, the script is running as root when run from Jamf. Your script will need to determine the current active user and not what user the script is running under.

Here is what I typically use:

id=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
home=$(dscl . -read "/Users/${id}" NFSHomeDirectory | awk '{print $NF}')

I also changed how the the home directory is determined in case there is a rare instance that the user's home folder is not /Users/<<userid>>

View solution in original post

jamf-42 · ‎07-13-2022

script runs as root, your 'id' command is getting root user.. you want logged in user, plus your variable is the same name as the command..

currUser=$(ls -l /dev/console | awk '{print $3}')

Tribruin · ‎07-13-2022

As you mentioned, the script is running as root when run from Jamf. Your script will need to determine the current active user and not what user the script is running under.

Here is what I typically use:

id=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
home=$(dscl . -read "/Users/${id}" NFSHomeDirectory | awk '{print $NF}')

I also changed how the the home directory is determined in case there is a rare instance that the user's home folder is not /Users/<<userid>>

obi-k · ‎07-13-2022

Thanks, guys. My scripting skills aren't awesome. So, it'll look something like this?

#!/bin/bash

echo === `date`

id=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

home=$(dscl . -read "/Users/${id}" NFSHomeDirectory | awk '{print $NF}')

declare -a arr=( "Documents/Adobe/" "Library/Preferences/Adobe/" "Library/Caches/Adobe/" "Library/Application Support/Adobe/" )

for i in "${arr[@]}"
do
echo "----------------------------------"
echo "Process folder: $home/$i"

echo "Restore owner: sudo chown -R $id $home/$i"
sudo chown -R $id "$home/$i"

echo "Restore read/write permission: chmod -RL +rwX $home/$i"
chmod -RL +rwX "$home/$i"

echo "Remove ACL: chmod -RN $home/$i"
chmod -RN "$home/$i"
done

donmontalvo · ‎07-14-2022

I had to look up "X" (capital "x") in the chmod manpage . #wipesbrow

chmod -RL +rwX "$home/$i"

--
https://donmontalvo.com

Jamf Nation Community

Why doesn't this script work? Adobe Lightroom fix ...