search

jamf / JamfSync

Jamf Sync utility for synchronizing between Jamf Pro distribution points and/or file folders
MIT License
34 stars 0 forks source link

Permissions issue with packages when using Jamf Sync #18

Open jcon526 opened 1 week ago

jcon526 commented 1 week ago

I saw that one of the posted issues already mentioned permissions problems, so apologies for repeating it, but it doesn't seem to be fixed:

I recently downloaded Jamf Sync v1.3.2 (I just found out today, 7-3-2024, that Jamf Admin was no longer supported).

I'm able to use the app to sync from our institution's jamfcloud instance to two different Mac minis (used as jamf package distribution points) just fine ... but when any of the newly-synced packages arrives, it triggers errors in the app (I can post those errors later if you need them). Despite the errors, the packages still copy fine.

However, when I go to the mac minis themselves, I check the permissions of the new packages, and they display the "jamfwrite" account being correctly set to "Read & Write", BUT "Everyone" is set to "No Access".

Because of this, when I run a jamf command to run a policy using the new package, it errors out trying to read the package from one of the distribution point mac minis because it has no access to it, and fails over to the jamfcloud instance.

I'm able to get around this by running terminal commands on each mac mini to fix the permissions of the entire "Packages" folder and its contents. But I wanted to post this so you were aware.

Again, apologies, as I'll be out of the office for about a week or so and won't be able to reply quickly. -jc

TimCraftA52 commented 4 days ago

I'll jump on this one since my original post was closed as fixed. This sounds very similar to my original issue.

In my case my read only AND read/write users ACL's are missing.

How it should be - perry-1# ls -ldea Slack_4.38.121* -rwxrwxrwx + 1 A52\jamfadmin wheel 192950416 May 13 15:57 Slack_4.38.121.pkg OWNER: user:A52\jamfadmin GROUP: group:wheel CONTROL:sacl_auto_inherited 0: user:A52\jamfclient allow file_gen_read 1: user:A52\jamfadmin allow file_gen_all

How it is now, user ACL's missing- -rwxrwxrwx + 1 A52\jamfadmin wheel 192950416 May 14 09:19 Slack_4.38.121_v1.pkg OWNER: user:A52\jamfadmin GROUP: group:wheel CONTROL:dacl_auto_inherited,sacl_auto_inherited 0: SID:S-1-5-88-3-384 deny

Posix is fine, the ACL's do not come over or maybe are removed after the copy?

I can confirm my NAS is functioning properly with ACL's being inherited to files being copied, it looks like after the copy you may be clearing these inherited ACL's after its done?