Closed kbareis closed 9 months ago
We are seeing this issue as well but I am a little concerned about applying the sticky bit to the entire directory. Since other application files are in that directory it could have unexpected consequences for those. Have you seen any issues with them? My concern is that we would not see an issue until those applications required some sort of update or change.
Sticky bits in general are suspicious. To a whole directory is for me a "no way".
I'm concerned that 1.5.4 cannot remove privileges since the end of October, in fact. And surprised that the devs themselves have not seen the issue.
Unfortunately we cannot reproduce this issue on our end. We use Privileges 1.5.4 on about 40.000 Macs and don't see any issues with macOS 14.
I know the preinstall and postinstall scripts are not part of this repo, but I wanted to put this out there in case others ran into it. It appears that on Sonoma and/or with the latest build, some of the permissions have minor changes, causing the postinstall script to not properly auth the helper and thus causing an end user to auth with admin creds to use the app the first time. In my workflows, users come in as standard users via ADE and cannot do this auth. This led me to find two minor differences in Sonoma and 1.5.4 of Privileges.
Below are the two lines I needed to modify in https://gist.github.com/rtrouton/91a7c7fc35bc338cff54f48a01f2e899#file-gistfile1-txt. It appears that a sticky bit has been added to the PrivilegedHelperTools folder and the helper itself needs 544 vs 755.
/bin/chmod 1755 "/Library/PrivilegedHelperTools"
/bin/chmod 544 "/Library/PrivilegedHelperTools/corp.sap.privileges.helper"
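A read-only check of the two modes named in the post, useful for confirming drift on a fleet before any `chmod` is pushed. This is an added example, not part of the original issue, the linked gist or the Privileges project; the function names and the optional root-prefix argument are hypothetical, and the expected modes are the ones quoted above.

```shell
#!/bin/sh
# Added example: audits modes only, changes nothing on disk.
# Expected values (1755 and 544) come from the post above.

# Print the octal mode of a path, including the setuid/setgid/sticky digit.
# Uses GNU stat where available, otherwise the BSD stat shipped with macOS.
mode_of() {
    if stat -c '%a' / >/dev/null 2>&1; then
        mo_raw=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    else
        mo_raw=$(stat -f '%Mp%Lp' "$1" 2>/dev/null) || return 1
    fi
    # Normalise "0755" and "755" to the same string.
    printf '%o\n' "0$mo_raw"
}

# Compare a path's mode with the expected one.
# Returns 0 on match, 1 on drift, 2 if the path cannot be read.
check_mode() {
    cm_actual=$(mode_of "$1") || { echo "MISSING  $1"; return 2; }
    if [ "$cm_actual" = "$2" ]; then
        echo "OK       $1 ($cm_actual)"
        return 0
    fi
    echo "DRIFT    $1 is $cm_actual, expected $2"
    return 1
}

# Audit the helper directory and the helper binary.
# $1 is an optional root prefix (assumption, used for testing in a temp tree).
audit_helper_perms() {
    ahp_dir="${1:-}/Library/PrivilegedHelperTools"
    ahp_rc=0
    check_mode "$ahp_dir" 1755 || ahp_rc=1
    check_mode "$ahp_dir/corp.sap.privileges.helper" 544 || ahp_rc=1
    return "$ahp_rc"
}

# On a Mac, audit the real paths; on other systems this is a no-op.
if [ -d /Library/PrivilegedHelperTools ]; then
    audit_helper_perms || true
fi
```

A non-zero return from `audit_helper_perms` can be used as the condition in a management-tool extension attribute or compliance check.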