I'm trying to run a login script with root rules. Obviously without having to use a trigger for Login with JamfPRO. Does anyone have an idea?
Question
Login script with root privilege
+12Use a LaunchDaemon to run your script, it will run as root.
My login scripts are run as LaunchAgents - user privileges. I have a few operations that require root privileges to work. So the script that is running from the LaunchAgent login simply has a touch command in it, and it points to a watched file. The LaunchDaemon is set to watch for access to this watched file, and if found to run the script.
LaunchDaemon xml format below
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>UNIQUE_PROCESS_NAME</string>
<key>ProgramArguments</key>
<array>
<string>PATH/TO/SCRIPT.sh</string>
<string>-argument</string>
</array>
<key>WatchPaths</key>
<array>
<string>PATH/TO/THE/WATCHED/FILE</string>
</array>
</dict>
</plist>LaunchAgent xml below
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>UNIQUE_PROCESS_NAME</string>
<key>ProgramArguments</key>
<array>
<string>PATH/TO/LOGIN/SCRIPT.sh</string>
<string>-argument</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>In your Loginscript put
touch PATH/TO/THE/WATCHED/FILE
And when that executes the Daemon xml will run the script it points to.
I would then add in a
sleep 10
to await the Daemon script to complete. Change the 10 for however many seconds you think the process will take.
Hope this helps
Paul
+15As listed previously, a launch agent is the way that Apple recommends. Login and logout hooks still work, though... Lots of examples out there, but we're actually in the process of moving all that stuff INSIDE Jamf Pro instead of having it scattered all over the place.
+2Use a LaunchDaemon to run your script, it will run as root.
My login scripts are run as LaunchAgents - user privileges. I have a few operations that require root privileges to work. So the script that is running from the LaunchAgent login simply has a touch command in it, and it points to a watched file. The LaunchDaemon is set to watch for access to this watched file, and if found to run the script.
LaunchDaemon xml format below
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>UNIQUE_PROCESS_NAME</string>
<key>ProgramArguments</key>
<array>
<string>PATH/TO/SCRIPT.sh</string>
<string>-argument</string>
</array>
<key>WatchPaths</key>
<array>
<string>PATH/TO/THE/WATCHED/FILE</string>
</array>
</dict>
</plist>LaunchAgent xml below
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>UNIQUE_PROCESS_NAME</string>
<key>ProgramArguments</key>
<array>
<string>PATH/TO/LOGIN/SCRIPT.sh</string>
<string>-argument</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>In your Loginscript put
touch PATH/TO/THE/WATCHED/FILE
And when that executes the Daemon xml will run the script it points to.
I would then add in a
sleep 10
to await the Daemon script to complete. Change the 10 for however many seconds you think the process will take.
Hope this helps
Paul
Thank you this helped me out a alot
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.