starred/rustdesk-rustdesk
1
0
Fork 0
mirror of https://github.com/rustdesk/rustdesk.git synced 2026-03-02 19:26:56 -05:00
Code Issues 77 Projects Packages Wiki Activity

Deployment issues for RustDesk desktop on Mac #3220

New issue
Closed
opened 2026-02-21 01:12:48 -05:00 by deekerman · 1 comment
deekerman commented 2026-02-21 01:12:48 -05:00
Owner
Copy link

Originally created by @jelockwood on GitHub (Jan 7, 2025).

Bug Description

We are currently testing RustDesk desktop with the OSS server. We have successfully built/configured the server and have successfully manually configured RustDesk desktop on Mac to connect to a Windows machine and vice versa.

However our ultimate goal is to then deploy the RustDesk desktop client to all our Macs and to automate this as much as possible. Like many organisations we do not want to give our users local admin privileges on their (Mac) computers.

In testing this I have therefore observed problems which make it difficult to impossible to automate mass deployment. See further notes in the 'How to Reproduce' section.

How to Reproduce

First testing using a local non-admin level user account. I ran the provided example macOS deployment bash script as listed at https://rustdesk.com/docs/en/self-host/client-deployment/ and inserted the correct valid value for the rustdesk_cfg

Attempt 1

  1. login as non-admin user
  2. open Terminal.app
  3. execute the script (with cfg string) to install and configure the RustDesk desktop app

Result1

It asks for a password
sudo: a password is required

This corresponds to line 12 of the provided script which reads -
[ "$UID" -eq 0 ] || exec sudo bash "$0" "$@"

If the user types their own password it will still fail as they are not a 'sudoer'

Note: Even if one ignores the above issue I would expect a non-admin user would then get a subsequent failure as they would not have the required permission to allow the script to copy the RustDesk.app from the downloaded and mounted disk image to the /Applications folder.

Attempt2

  1. login as admin user
  2. open Terminal.app
  3. execute the script (with cfg string) to install and configure the RustDesk desktop app

Result2

It asks for a password
sudo: a password is required

This corresponds to line 12 of the provided script which reads -
[ "$UID" -eq 0 ] || exec sudo bash "$0" "$@"

If one enters the users password it accepts it because this time they are a valid sudoer

It then downloads via curl the disk image
mounts it
copies the RuskDesk.app to the Applications folder
launches the app

if however I then check the settings in the app by clicking on the three dots next to the ID line on the left of the window, then click on Network, unlock network settings and then click on ID/Relay server - I find the settings are empty.

Investigation reveals the cause is that because as a fresh setup the folder containing the preferences for RustDesk is created and owned by root and NOT accessible by the user

ls -la ~/Library/Preferences/com.carrier.RustDesk/

drwx------+    4 root       staff     7520  7 Jan 16:17 .
drwx------+  168 tempadmin  staff     2528  7 Jan 16:17 ..
-rw-------     1 root       staff      991  7 Jan 16:17 RustDesk.toml
-rw-------     1 root       staff      341  7 Jan 16:17 RustDesk2.toml

Workaround2
executing sudo chown -R tempadmin ~/Library/Preferences/com.carrier.RustDesk
and then relaunching the RustDesk app and going to the same settings screen reveals this has allowed the app to read the settings correctly

Attempt3

  1. login as admin user
  2. open Terminal.app
  3. execute the script (with cfg string) to install and configure the RustDesk desktop app, but this time prefix with sudo
  4. enter the user password when asked

Result3
Identical to Result2 - the preference folder is created and owned by root and hence cannot be accessed when the user runs the app

Attempt4

  1. login as admin user
  2. open Terminal.app
  3. type mkdir ~/Library/Preferences/com.carriez.Rustdesk first to pre-create the folder as the user not root
  4. execute the script (with cfg string) to install and configure the RustDesk desktop app
  5. enter the user password when asked

Result4
The disk image is downloaded the app is copied to the /Applications folder, the preferences are imported but this time because the folder has the right permission the app can successfully read them.

Workaround4
Based on Attempt4 inserting the following line in to the script between lines 12 and 13 should help


mkdir ~/Library/Preferences/com.carriez.Rustdesk

Expected Behavior

The provided script should result in the preferences folder being created with the correct ownership to allow the successful installation and importing of the settings. It clearly does not.

Furthermore the deployment process should NOT require the user to be an admin level user as this is contrary to typical security practises.

Operating system(s) on local (controlling) side and remote (controlled) side

macOS Sequoia 15.2

RustDesk Version(s) on local (controlling) side and remote (controlled) side

1.3.6 -> 1.3.6

Screenshots

Not applicable

Additional Context

However whilst the above fully details the problem and a successful workaround as detailed in attempt4 I would say that there are clearly a bigger issues.

  1. The settings for RustDesk on a Mac are in the individual users home directory, this makes it much harder (but not impossible) to automate this in an enterprise.
  2. The settings are not stored in a standard (Mac) plist file format.
  3. Due to both of the above the settings cannot be deployed to Macs via an MDM (Mobile Device Management) solution like Jamf Pro or even Microsoft Intune.

However my ideal goal would be as follows.

  1. Install the app via a standard (Mac) enterprise tool such as Jamf Pro, Munki, etc. that is copy it to the /Applications directory
  2. Send to the client Macs via an MDM solution the config string - this could be (if the app allows) targeted to the computer in which case any user running the app should use the same identical config string in a 'Managed' preference plist file as supplied by the MDM, or it is also possible to send the config as a mobileconfig file aka managed preference targeted to an individual user or to all users, the RustDesk app should in this scenario when launched read the preference provided by an MDM solution

As far as I can see it is impossible to use the provided script as a non-admin user even if one pre-creates the preference folder.

You may want to look at the following code snippet which might help you make a script which can do operations both as 'root' and as the user currently logged in to the Mac.

#!/bin/bash

# This script should be launched via a Mac management tool e.g. Jamf Pro, Munki, etc which runs such scripts automatically as root level
# This script then checks to see if a real user is logged in, finds their details and then can launch a sub-task as the user
# It therefore allows combining root level access but targeting the logged in user

loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u "$loggedInUser")

if [[ "$loggedInUser" != "root" ]] || [[ "$loggedInUID" -ne 0 ]]; then

cat << EOF > /private/tmp/userscript.sh
#!/bin/bash
echo "user script lines to be included here"

exit 0
EOF

echo "other root level commands here"

else
    echo "No user logged in. Can't run as user, so exiting"
    exit 0
fi

if [ -e /private/tmp/script.sh ]; then
    /bin/chmod +x /private/tmp/userscript.sh
   # following line launches the above script as the logged in user and not via sudo or root
    /bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" "/private/tmp/userscript.sh"
    sleep 2
    echo "Cleaning up..."
    /bin/rm -f "/private/tmp/script.sh"
else
    echo "Oops! Couldn't find the script to run. Something went wrong!"
    exit 1
fi
Originally created by @jelockwood on GitHub (Jan 7, 2025). ### Bug Description We are currently testing RustDesk desktop with the OSS server. We have successfully built/configured the server and have successfully _manually_ configured RustDesk desktop on Mac to connect to a Windows machine and vice versa. However our ultimate goal is to then deploy the RustDesk desktop client to all our Macs and to automate this as much as possible. Like many organisations we do not want to give our users local admin privileges on their (Mac) computers. In testing this I have therefore observed problems which make it difficult to impossible to automate mass deployment. See further notes in the 'How to Reproduce' section. ### How to Reproduce First testing using a local non-admin level user account. I ran the provided example macOS deployment bash script as listed at https://rustdesk.com/docs/en/self-host/client-deployment/ and inserted the correct valid value for the rustdesk_cfg Attempt 1 1. login as non-admin user 2. open Terminal.app 3. execute the script (with cfg string) to install and configure the RustDesk desktop app Result1 It asks for a password ```sudo: a password is required``` This corresponds to line 12 of the provided script which reads - ```[ "$UID" -eq 0 ] || exec sudo bash "$0" "$@"``` If the user types their own password it will still fail as they are not a 'sudoer' Note: Even if one ignores the above issue I would expect a non-admin user would then get a subsequent failure as they would not have the required permission to allow the script to copy the RustDesk.app from the downloaded and mounted disk image to the /Applications folder. Attempt2 1. login as admin user 2. open Terminal.app 3. execute the script (with cfg string) to install and configure the RustDesk desktop app Result2 It asks for a password ```sudo: a password is required``` This corresponds to line 12 of the provided script which reads - ```[ "$UID" -eq 0 ] || exec sudo bash "$0" "$@"``` If one enters the users password it accepts it because this time they are a valid sudoer It then downloads via curl the disk image mounts it copies the RuskDesk.app to the Applications folder launches the app if however I then check the settings in the app by clicking on the three dots next to the ID line on the left of the window, then click on Network, unlock network settings and then click on ID/Relay server - I find the settings are empty. Investigation reveals the cause is that because as a fresh setup the folder containing the preferences for RustDesk is created and owned by root and NOT accessible by the user ``` ls -la ~/Library/Preferences/com.carrier.RustDesk/ drwx------+ 4 root staff 7520 7 Jan 16:17 . drwx------+ 168 tempadmin staff 2528 7 Jan 16:17 .. -rw------- 1 root staff 991 7 Jan 16:17 RustDesk.toml -rw------- 1 root staff 341 7 Jan 16:17 RustDesk2.toml ``` Workaround2 executing ```sudo chown -R tempadmin ~/Library/Preferences/com.carrier.RustDesk``` and then relaunching the RustDesk app and going to the same settings screen reveals this has allowed the app to read the settings correctly Attempt3 1. login as admin user 2. open Terminal.app 3. execute the script (with cfg string) to install and configure the RustDesk desktop app, but this time prefix with sudo 4. enter the user password when asked Result3 Identical to Result2 - the preference folder is created and owned by root and hence cannot be accessed when the user runs the app Attempt4 1. login as admin user 2. open Terminal.app 3. type ```mkdir ~/Library/Preferences/com.carriez.Rustdesk``` first to pre-create the folder as the user not root 5. execute the script (with cfg string) to install and configure the RustDesk desktop app 6. enter the user password when asked Result4 The disk image is downloaded the app is copied to the /Applications folder, the preferences are imported _but this time because the folder has the right permission the app can successfully read them_. Workaround4 Based on Attempt4 inserting the following line in to the script between lines 12 and 13 should help ``` mkdir ~/Library/Preferences/com.carriez.Rustdesk ``` ### Expected Behavior The provided script should result in the preferences folder being created with the correct ownership to allow the successful installation and importing of the settings. It clearly does not. Furthermore the deployment process should NOT require the user to be an admin level user as this is contrary to typical security practises. ### Operating system(s) on local (controlling) side and remote (controlled) side macOS Sequoia 15.2 ### RustDesk Version(s) on local (controlling) side and remote (controlled) side 1.3.6 -> 1.3.6 ### Screenshots Not applicable ### Additional Context However whilst the above fully details the problem and a successful workaround as detailed in attempt4 I would say that there are clearly a bigger issues. 1. The settings for RustDesk on a Mac are in the individual users home directory, this makes it much harder (but not impossible) to automate this in an enterprise. 2. The settings are not stored in a standard (Mac) plist file format. 3. Due to both of the above the settings cannot be deployed to Macs via an MDM (Mobile Device Management) solution like Jamf Pro or even Microsoft Intune. However my ideal goal would be as follows. 1. Install the app via a standard (Mac) enterprise tool such as Jamf Pro, Munki, etc. that is copy it to the /Applications directory 2. Send to the client Macs via an MDM solution the config string - this could be (if the app allows) targeted to the computer in which case any user running the app should use the same identical config string in a 'Managed' preference plist file as supplied by the MDM, or it is also possible to send the config as a mobileconfig file aka managed preference targeted to an individual user or to all users, the RustDesk app should in this scenario when launched read the preference provided by an MDM solution As far as I can see it is _impossible_ to use the provided script as a non-admin user even if one pre-creates the preference folder. You may want to look at the following code snippet which might help you make a script which can do operations _both_ as 'root' and as the user currently logged in to the Mac. ``` #!/bin/bash # This script should be launched via a Mac management tool e.g. Jamf Pro, Munki, etc which runs such scripts automatically as root level # This script then checks to see if a real user is logged in, finds their details and then can launch a sub-task as the user # It therefore allows combining root level access but targeting the logged in user loggedInUser=$(stat -f%Su /dev/console) loggedInUID=$(id -u "$loggedInUser") if [[ "$loggedInUser" != "root" ]] || [[ "$loggedInUID" -ne 0 ]]; then cat << EOF > /private/tmp/userscript.sh #!/bin/bash echo "user script lines to be included here" exit 0 EOF echo "other root level commands here" else echo "No user logged in. Can't run as user, so exiting" exit 0 fi if [ -e /private/tmp/script.sh ]; then /bin/chmod +x /private/tmp/userscript.sh # following line launches the above script as the logged in user and not via sudo or root /bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" "/private/tmp/userscript.sh" sleep 2 echo "Cleaning up..." /bin/rm -f "/private/tmp/script.sh" else echo "Oops! Couldn't find the script to run. Something went wrong!" exit 1 fi ```
deekerman 2026-02-21 01:12:48 -05:00
  • closed this issue
  • added the
    bug
         label
deekerman commented 2026-02-21 01:12:55 -05:00
Author
Owner
Copy link

@rustdesk commented on GitHub (Jan 7, 2025):

#763

@rustdesk commented on GitHub (Jan 7, 2025): #763
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
avatar
copilot/fix-discussion-14282-issue
copilot/fix-h265-image-quality-issue
fix-mobile-mouse-hover-issue-8789
ios
sciterjs
nightly
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.9
1.3.8
1.3.7
1.3.6
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.7
1.2.6
1.2.5
1.2.4
fdroid-version
1.2.3-2
1.2.3-1
1.2.3
1.2.2
1.2.1
1.2.0
1.1.9
1.1.8
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
Labels
Clear labels   
bug

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
question

   
unreproducible

   
wontfix
No labels
bug
documentation
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
question
unreproducible
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/rustdesk-rustdesk#3220
No description provided.