Re: Admin authorization vs Root authorization
Re: Admin authorization vs Root authorization
- Subject: Re: Admin authorization vs Root authorization
- From: "Perbix, Michael" <email@hidden>
- Date: Tue, 27 Jun 2006 09:25:52 -0400
- Thread-topic: Admin authorization vs Root authorization
Title: Re: Admin authorization vs Root authorization
Ok, I guess I should clarify what I am trying to do. We have a district wide image with 2 local user accounts, our admin account, and a student account with no password that people use when using the laptop. The Student account is blown away and recreated on every logoff by a script from the template located in System/Library/User Template/English.lproj.
When I install packages, they are custom installs of already configured applications where I install the Apps and whatever support files need to be installed, as well as a preference file if needed in the local account pref directory as well as the template. All software is installed at the time of imaging via a NetRestore post-action script.
When the login script runs for the first time, it binds my client to AD and OD then looks to see if any additional user accounts should be on that machine, if so, it runs a script to add the users (copy the contents of the template for their home) thereby delivering all the custom prefs as well.
I noticed that if I have a package set to require ROOT authorization, installer messes with the permissions structure of the underlying folders. I have since made the destination folder the default install location of the files (instead of root) and had the same result. I then turned off authentication and it works correctly. Since the installer is being installed by ROOT at the time of imaging, authentication is not really needed for it to work, but SOMETIMES these packages are also run ad-hoc to add software to a users machine.
So I guess I have two options.
Require Authorization and make sure that all permissions are set correctly on the underlying folders.
User a post-flight script to do everything after the fact.
I don’t see why I can’t do it just with the installer....Tell it where to put the file and be done with it.
The bottom line is, if I was JUST installing software during imaging then no problem...it is all done as root. So I might just disable authentication all together. I could then use ARD and a Unix script run as ROOT to install packages, or local on the workstation in Terminal using SUDO.....
-Mike
On 6/26/06 10:22 AM, "Perbix, Michael" <email@hidden> wrote:
I have a meta-package with several components, one of which is a preference file being put into a local user account. When I use ROOT AUTH required (making the package with Iceberg) and choose the preferences folder as the default install spot, it modifies the permissions on the folder.
I know this is a bug (or perhaps design) of the installer...but how can I force authentication of a package without the path getting munged like that? Would Admin Auth be a better choice?
I am also installing a kernel extension, so that causes authentication for the whole metapackage....by not requiring authentication on the other components, they all install correctly.
What is the best manner in which to do this...I am designing custom software installs of all our used software with all customizations and preferences...I install the apps, support files, and preferences (to the template, and 2 local users).
-Mike
_______________________________________________
Michael Perbix
Lower Merion School District
Telecommunications Specialist
(610) 645-1964 - Work
(610) 896-2019 - Fax
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Michael Perbix
Lower Merion School District
Telecommunications Specialist
(610) 645-1964 - Work
(610) 896-2019 - Fax
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden