"PrivilegesCLI: Permission denied" in terminal

SAP / macOS-enterprise-privileges

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. Users can set a timeframe in the application's settings to perform specific tasks, such as installing or removing an application.

Apache License 2.0

1.4k stars 150 forks source link

"PrivilegesCLI: Permission denied" in terminal #29

Closed mikeym328 closed 2 years ago

mikeym328 commented 2 years ago

We have noticed that after deploying Privileges, when a user opens a new terminal window there is a message right above the prompt that says "PrivilegesCLI: Permission denied". This happens if the user is admin or standard. What is the cause of this and can it be removed? System: macOS 12.3.1

rtrouton commented 2 years ago

I’m unable to reproduce this behavior on my end and it’s not expected behavior. Can you provide more information on how you have Terminal configured?

My suspicion is that there is a shell configuration which is unsuccessfully trying to call the PrivilegesCLI command line tool when a new Terminal session opens. For the zsh shell, there are several files which may be referenced (please see https://scriptingosx.com/2019/06/moving-to-zsh-part-2-configuration-files/ for more details) with the most common being the .zshrc file in the user’s home directory.

mikeym328 commented 2 years ago

There is no reference to PrivilegesCLI in the .zshrc files. The issue seems to be the way the Privileges app was packaged for MDM distribution. A file is written to /private/etc/paths.d/PrivilegesCLI. If I set the permissions to allow everyone read (or just delete the file) the error goes away.

rtrouton commented 2 years ago

Sounds like this issue is addressed then.