Skip to main content

JAMF Nation folks! I am looking to run a policy within my JAMF Helper script based on the end user's input. Note that most users will not have administrative privileges so this needs to run on standard accounts. Please have a look below and let me know if this is possible.



#!/bin/bash



/usr/bin/curl -s -o /tmp/elcapitan_icon.png http://assets.materialup.com/uploads/ec819071-7140-4c6d-89ac-81b712642fcb/512x512bb-85.png

loggedInUser=$(stat -f%Su /dev/console)

jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

windowType="hud"

description="Your <CompanyName>-issued computer is not currently running the latest OS X version. To perform the update, select 'UPDATE' below and the security update will begin to run. Once complete, you will be prompted to restart immediately. If you are unable to perform this update at the moment, please select 'Cancel.'



*Please save all working documents before selecting 'UPDATE.'



If you require assistance, please contact the Helpdesk by phone at <PhoneNumber> or by email at <EmailAddress>."



button1="UPDATE"

button2="Cancel"

icon="/tmp/elcapitan_icon.png"

title="Update Available: Install OS X El Capitan"

alignDescription="left" 

alignHeading="center"

defaultButton="2"

cancelButton="2"

timeout="300"



userChoice=$("$jamfHelper" -windowType "$windowType" -lockHUD -title "$title" -timeout "$timeout" -defaultButton "$defaultButton" -cancelButton "$cancelButton" -icon "$icon" -description "$description" -alignDescription "$alignDescription" -alignHeading "$alignHeading" -button1 "$button1" -button2 "$button2")



if [ "$userChoice" == "0" ]; then

    echo "User clicked UPDATE; now running OS X El Capitan Installer via JSS policy ID 547."

    /bin/launchctl asuser $(id -u $loggedInUser) sudo -iu $loggedInUser "jamf policy -id 547"

elif [ "$userChoice" == "2" ]; then

    echo "User clicked Cancel or timeout was reached; now exiting."

    exit 0    

fi


The problematic line is this:



/bin/launchctl asuser $(id -u $loggedInUser) sudo -iu $loggedInUser "jamf policy -id 547"


I am effectively just trying to run "sudo jamf policy -id 547" but for reasons that are fairly obvious, I am unable to. Is there a way around this without using Self Service?

You don't need to try running the policy as the user, which is what you're doing. It still requires root to run any policy so that process would never work. Just simply call the policy using sudo jamf policy -id 547 normally. There shouldn't be a need to wrap it in a launchctl asuser syntax like that.



The only time it's relevant to run a policy as the logged in user is if it's designed as a login or logout policy, otherwise just call it normally by its id.

@mm2270 Yup! I'm all set, this post took a bit to get published--unclear why. Regardless, thanks for the feedback!

Terms & ConditionsCookie settings