Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Boundary Desktop for MacOS v2.0.2 - EACCES: permission denied #5019

Open
richardleeps opened this issue Aug 14, 2024 · 7 comments
Open

Boundary Desktop for MacOS v2.0.2 - EACCES: permission denied #5019

richardleeps opened this issue Aug 14, 2024 · 7 comments
Assignees
@cameronperera
Labels
bug Something isn't working triage

Comments

@richardleeps
Copy link

Describe the bug
Running MacOS 14.5 (23F79) on Apple device which is managed through Intune.
Boundary desktop app is working but unable to Download/Install a new version through the app.

The following error is displayed

Could not update
EACCES: permission denied, mkdir '/Applications/Boundary.app/Contents/Resources/nextVersion'

To Reproduce
Steps to reproduce the behavior:

  1. Start Desktop App
  2. Wait for the "A new version is available for download." popup
  3. Click download

Expected behavior
Installation of the updated version should work

Additional context
Desktop app

Version: 2.0.2
Commit: 798cfc68287fd1863fee323e4e08e23d24c4141e

CLI Version: 0.15.3
CLI Commit: 83c86bb

Also running the app as root doesn't make a difference
"sudo "/Applications/Boundary.app/Contents/MacOS/Boundary" "
Screenshot 2024-08-14 at 09 47 53
@richardleeps richardleeps added the bug Something isn't working label Aug 14, 2024
@cameronperera
Copy link
Collaborator

@richardleeps thanks for reporting this issue. Could you provide me with a few extra details to help us troubleshoot?

  1. Is only the apple device managed through Intune or is Boundary Desktop also managed through Intune?
  2. What is the CPU architecture of your apple device? Intel or Apple Silicon
  3. How are you starting Boundary Desktop and are you ever using sudo when starting?

@richardleeps
Copy link
Author

@cameronperera

  1. Apple device is managed through Intune, Boundary Desktop is installed manual. (I can push it with Intune if needed)
  2. Apple Silicon - M2
  3. Starting Boundary Desktop via the application list as user. Never using sudo.

@cameronperera
Copy link
Collaborator

@cameronperera

  1. Apple device is managed through Intune, Boundary Desktop is installed manual. (I can push it with Intune if needed)
  2. Apple Silicon - M2
  3. Starting Boundary Desktop via the application list as user. Never using sudo.

Thanks for the info. No need to go through Intune for Boundary Desktop. I just wanted to check as we troubleshoot this.

@gsusmi gsusmi added the triage label Aug 15, 2024
@cameronperera
Copy link
Collaborator

@richardleeps
From looking over Intune docs and past issues, Intune is restricting write privileges which is causing the error you see. If you are able to have an Intune admin adjust a policy that might work. The other option, as you mentioned above, is to manage Boundary Desktop through Intune. I found some guides here to help with that but I am unsure if that will resolve the auto app updater issue for you. Please let me know if that helps resolve your issue.

@richardleeps
Copy link
Author

richardleeps commented Aug 16, 2024
edited
Loading

@cameronperera
We pushed the image from Intune (after we first had removed from the client) but same issue.
Also tried to give Boundary "Full disk access" but no luck

Tried to manually create the nextVersion directory but there is no way that the system allows me to create a folder in the app directory. Is there a way to adjust the update script so it creates something in a /tmp/ folder ?

user@xxx Resources % mkdir nextVersion
mkdir: nextVersion: Operation not permitted
user@xxx Resources % sudo mkdir nextVersion
Password:
mkdir: nextVersion: Operation not permitted
user@xxx Resources % sudo -s
root@xxx  Resources # sudo mkdir nextVersion
mkdir: nextVersion: Operation not permitted

root@xxx  Resources # pwd            
/Applications/Boundary.app/Contents/Resources
root@xxx Contents # ls -l
total 16
drwxr-xr-x  10 root  admin   320 Aug 16 09:34 Frameworks
-rw-r--r--   1 root  admin  2630 Aug 16 09:34 Info.plist
drwxr-xr-x   3 root  admin    96 Aug 16 09:34 MacOS
-rw-r--r--   1 root  admin     8 Aug 16 09:34 PkgInfo
drwxr-xr-x  61 root  admin  1952 Aug 16 09:34 Resources
drwxr-xr-x   3 root  admin    96 Aug 16 09:34 _CodeSignature

@anando-chatterjee
Copy link

@richardleeps
If I understand correctly, your corporate Apple device is being managed via MSFT Intune in which case you'd use Intune to push newer versions of Boundary's desktop client instead of using the built-in auto-updater.

The auto-updater not working on a managed laptop appears to be working as designed. Are you having trouble pushing newer versions of the desktop client via Intune?

@richardleeps
Copy link
Author

@anando-chatterjee
We have updated the Intune package to v2.1.0 - Thanks, but having an another issue :)

Its being pushed to the client but nested in the App "boundary.app" which has v2.0.2
When we remove the v.2.0.2 first Incl all folders, Intune installs the app in the correct place

xxx@MacBook-Pro-2 Boundary.app % ls
Boundary.app	Contents
xxx@MacBook-Pro-2 Boundary.app % pwd
/Applications/Boundary.app

Not sure if this is a boundary package issue or Intune. We do not see the same behaviour with other apps and on Intune side there is not much to tweak there for dmg packages.
We will look further into this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cameronperera cameronperera

Labels
bug Something isn't working triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gsusmi @cameronperera @anando-chatterjee @richardleeps