15 Sep Solving Dropbox Post-Install Issues with Installomator and Jamf Pro
Solving Dropbox Post-Install Issues with Installomator and Jamf Pro
Managing software deployment in enterprise environments can be a daunting task, especially when dealing with applications that have specific installation requirements. For macOS administrators, deploying Dropbox through Installomator in Jamf Pro presents a common challenge. One particular issue arises when it comes to handling the DropboxHelperInstaller and preventing constant administrator privilege prompts.
The Problem
Dropbox presents unique challenges in enterprise deployment scenarios that go beyond typical application installations:
The Administrator Privilege Prompt Issue
After deploying Dropbox through standard installation methods (including Installomator), users often encounter persistent prompts asking for administrator credentials. This happens because:
- Missing Helper Tool: The DropboxHelperInstaller isn’t properly extracted and configured during automated deployment
- Incorrect Permissions: The helper installer needs specific SUID permissions to function without prompting users
- User Context Requirements: Dropbox needs elevated privileges for certain operations, but should handle this transparently
Why Standard Deployment Methods Fall Short
Traditional deployment approaches often miss the post-installation configuration that Dropbox requires:
- DMG/PKG Installation: Only installs the main application bundle
- Installomator Default Behavior: Focuses on the primary application without handling auxiliary components
- Missing Post-Install Logic: The DropboxHelperInstaller.tgz remains unused in the application bundle
The Solution: A Comprehensive Post-Install Script
The solution involves creating a robust post-install script that handles the DropboxHelperInstaller extraction and configuration. Here’s what the script needs to accomplish:
Key Requirements
- Extract the Helper Installer: Locate and extract
DropboxHelperInstaller.tgzfrom the Dropbox application bundle - Set Proper Permissions: Configure SUID permissions (04511) for privilege escalation
- Ensure Root Ownership: Set ownership to root:wheel for security
- Validate Installation: Verify all components are properly configured
The script sets specific permissions that are crucial for proper operation:
- 04511 Permissions:
4= SUID bit (runs with owner privileges)5= Read + Execute for owner (root)1= Execute only for group1= Execute only for others
Create an Installomator policy for “Dropbox” to handle the initial installation or update of Dropbox. Set the Installomator script priority to execute before doing the installation or update of Dropbox. Afterward, incorporate the provided script into the same policy, assigning its execution priority to “after.”
Script Execution Order
- Priority: Before → Installomator (installs/updates Dropbox)
- Priority: After → DropboxHelperFix (configures helper installer)
This script is designed to run automatically after each Dropbox installation or update.
Dropbox Helper Installer Fix Script
fix_dropbox_helper.sh
#!/bin/bash
#
# Fix DropboxHelperInstaller
#
# Revised - 2025.09.15
#
# This script fixes issues with Dropbox displaying prompts for administrator privileges
# after installation. It extracts the Dropbox Helper Tool installer from each Dropbox
# installation to ensure compatibility and proper authorization.
#
# The script:
#
# 1. Validates Dropbox application exists and contains the helper installer
# 2. Creates the DropboxHelperTools directory if needed
# 3. Extracts the helper installer with proper permissions
# 4. Sets SUID permissions for elevated privilege operations
#
# Copyright (c) 2025 University of Utah, Marriott Library, Client Platform Services.
# All Rights Reserved.
#
# Permission to use, copy, modify, and distribute this software and
# its documentation for any purpose and without fee is hereby granted,
# provided that the above copyright notice appears in all copies and
# that both that copyright notice and this permission notice appear
# in supporting documentation, and that the name of The University
# of Utah not be used in advertising or publicity pertaining to
# distribution of the software without specific, written prior
# permission. This software is supplied as is without expressed or
# implied warranties of any kind.
set -euo pipefail # Exit on error, undefined vars, pipe failures
##################################
# Global Variables
##################################
readonly SCRIPT_NAME="$(basename "$0")"
readonly LOG_PREFIX="$(date '+%Y-%m-%d %H:%M:%S') - ${SCRIPT_NAME}"
# Dropbox paths - configurable section
readonly DROPBOX_APP_PATH="/Applications/Dropbox.app"
readonly DROPBOX_HELPER_INSTALLER_SOURCE_PATH="${DROPBOX_APP_PATH}/Contents/Resources/DropboxHelperInstaller.tgz"
readonly DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH="/Library/DropboxHelperTools"
readonly DROPBOX_HELPER_INSTALLER_TARGET_PATH="${DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH}/DropboxHelperInstaller"
##################################
# Functions
##################################
# Logging function
log()
{
local level="$1"
shift
echo "${LOG_PREFIX} - ${level}: $*"
}
# Validate Dropbox application exists and is properly installed
validate_dropbox_installation()
{
log "INFO" "Validating Dropbox installation..."
if [[ ! -d "$DROPBOX_APP_PATH" ]]; then
log "ERROR" "Dropbox application not found at: $DROPBOX_APP_PATH"
log "ERROR" "Please install Dropbox before running this script"
return 1
fi
if [[ ! -f "$DROPBOX_HELPER_INSTALLER_SOURCE_PATH" ]]; then
log "ERROR" "DropboxHelperInstaller.tgz not found in Dropbox bundle"
log "ERROR" "Expected location: $DROPBOX_HELPER_INSTALLER_SOURCE_PATH"
log "ERROR" "This may indicate a corrupted or incomplete Dropbox installation"
return 1
fi
# Verify the tar file is valid
if ! tar -tzf "$DROPBOX_HELPER_INSTALLER_SOURCE_PATH" >/dev/null 2>&1; then
log "ERROR" "DropboxHelperInstaller.tgz appears to be corrupted"
return 1
fi
log "SUCCESS" "Dropbox installation validated successfully"
return 0
}
# Create target directory with proper permissions
create_target_directory()
{
log "INFO" "Creating DropboxHelperTools directory..."
if [[ ! -d "$DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH" ]]; then
if mkdir -p "$DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH"; then
log "SUCCESS" "Created directory: $DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH"
else
log "ERROR" "Failed to create directory: $DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH"
return 1
fi
else
log "INFO" "Directory already exists: $DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH"
fi
return 0
}
# Extract the helper installer
extract_helper_installer()
{
log "INFO" "Extracting DropboxHelperInstaller from Dropbox bundle..."
# Remove existing installer if present (force fresh extraction)
if [[ -f "$DROPBOX_HELPER_INSTALLER_TARGET_PATH" ]]; then
log "INFO" "Removing existing installer for fresh extraction"
rm -f "$DROPBOX_HELPER_INSTALLER_TARGET_PATH"
fi
# Extract without verbose output to reduce log noise
if tar -zxf "$DROPBOX_HELPER_INSTALLER_SOURCE_PATH" -C "$DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH"; then
log "SUCCESS" "Successfully extracted DropboxHelperInstaller"
else
log "ERROR" "Failed to extract DropboxHelperInstaller"
return 1
fi
# Verify extraction was successful
if [[ ! -f "$DROPBOX_HELPER_INSTALLER_TARGET_PATH" ]]; then
log "ERROR" "DropboxHelperInstaller not found after extraction"
log "ERROR" "Expected location: $DROPBOX_HELPER_INSTALLER_TARGET_PATH"
return 1
fi
return 0
}
# Set proper permissions on the helper installer
set_permissions()
{
log "INFO" "Setting proper permissions on DropboxHelperInstaller..."
# Set ownership to root:wheel for both directory and installer
if chown root:wheel "$DROPBOX_HELPER_TOOLS_TARGET_DIR_PATH" "$DROPBOX_HELPER_INSTALLER_TARGET_PATH"; then
log "SUCCESS" "Set ownership to root:wheel"
else
log "ERROR" "Failed to set ownership"
return 1
fi
# Set SUID permissions (04511)
# 0 = no special modes for group/others
# 4 = SUID (set user ID on execution)
# 5 = read + execute for owner
# 1 = execute only for group
# 1 = execute only for others
if chmod 04511 "$DROPBOX_HELPER_INSTALLER_TARGET_PATH"; then
log "SUCCESS" "Set installer permissions to 04511 (SUID enabled)"
else
log "ERROR" "Failed to set installer permissions"
return 1
fi
# Verify permissions were set correctly
local perms
perms=$(stat -f "%Sp %u:%g" "$DROPBOX_HELPER_INSTALLER_TARGET_PATH" 2>/dev/null || echo "unknown")
log "INFO" "Final permissions: $perms"
return 0
}
# Verify the installation was successful
verify_installation()
{
log "INFO" "Verifying DropboxHelperInstaller installation..."
# Check file exists and is executable
if [[ ! -x "$DROPBOX_HELPER_INSTALLER_TARGET_PATH" ]]; then
log "ERROR" "DropboxHelperInstaller is not executable"
return 1
fi
# Check SUID bit is set
if [[ ! -u "$DROPBOX_HELPER_INSTALLER_TARGET_PATH" ]]; then
log "ERROR" "SUID bit not set on DropboxHelperInstaller"
return 1
fi
# Check ownership
local owner
owner=$(stat -f "%u:%g" "$DROPBOX_HELPER_INSTALLER_TARGET_PATH" 2>/dev/null || echo "unknown")
if [[ "$owner" != "0:0" ]]; then
log "ERROR" "Incorrect ownership on DropboxHelperInstaller (expected 0:0, got $owner)"
return 1
fi
log "SUCCESS" "DropboxHelperInstaller installation verified successfully"
return 0
}
##################################
# Main Execution
##################################
main()
{
log "INFO" "=== Starting Dropbox Helper Installer Fix ==="
log "INFO" "Script version: 2025.09.15"
log "INFO" "Running as: $(whoami)"
# Validate we're running as root
if [[ $EUID -ne 0 ]]; then
log "ERROR" "This script must be run as root (required for SUID permissions)"
log "ERROR" "Please run with sudo or as root user"
exit 1
fi
# Execute main steps
if ! validate_dropbox_installation; then
exit 1
fi
if ! create_target_directory; then
exit 1
fi
if ! extract_helper_installer; then
exit 1
fi
if ! set_permissions; then
exit 1
fi
if ! verify_installation; then
exit 1
fi
log "SUCCESS" "=== Dropbox Helper Installer Fix Completed Successfully ==="
log "INFO" "Dropbox should no longer prompt for administrator privileges"
exit 0
}
# Execute main function
main "$@"
No Comments