
We have an application, Coginiti Pro, that requires a user to have elevated rights before installing on the Mac, or else the install doesn't work correctly.

We use Jamf Pro, and currently I've added some text to the Self-Service installation page telling users they need to elevate their rights before running the install. We use the Privileges app for temporary rights elevation.

I was wondering if I could script this. The current Coginiti Pro install we use is a script rather than a PKG. I'd like to add some code to the script that says "check if the current user is running as a standard user". If so, I'd display a message reminding the user to elevate their rights before proceeding.

Is something like that possible?

 

Here's the Extension Attribute I use:

 

```bash
#!/bin/bash

# Script to detect if a computer has a local admin account on it with a UID above 500

# Initialize array
list=()

# Generate list of users with UID greater than 500
for username in $(dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'); do

    # Checks to see which usernames are reported as being admins. The
    # check is running dsmemberutil's check membership and listing the
    # accounts that are being reported as admin users. Actual check is
    # for accounts that are NOT not an admin (i.e. not standard users.)
    if [[ $(dsmemberutil checkmembership -U "${username}" -G admin) != *not* ]]; then
        # Any reported accounts are added to the array list
        list+=("${username}")
    fi
done

# Prints the array's list contents
echo "<result>${list[@]}</result>"
```

As Self Service runs as root, why can't it be installed via Self Service?




Remove the <results> and just have it echo the variable. The <results> field is for extension attributes only.


Sorry, I misread the original post.  You'd want something like this:

```bash
#!/bin/bash

# User currently logged in at the console
user=$(/usr/bin/who | /usr/bin/awk '/console/{ print $1 }')
adminneeded=$(/usr/bin/dsmemberutil checkmembership -U "$user" -G admin)

# Temporarily Grant Admin Rights to Standard User for App Install
if [[ "$adminneeded" == *not* ]]; then
    /usr/sbin/dseditgroup -o edit -a "$user" -t user admin
    # <<Do Work here>>
    /usr/sbin/dseditgroup -o edit -d "$user" -t user admin
else
    # <<Do Work here>>
    :   # no-op so the branch parses until the work is filled in
fi

exit 0
```
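A variant of the temporary-elevation script above that removes the admin membership on every exit path, added here as an example and not code from any poster in this thread. The names `is_admin` and `with_temp_admin` and the `DSMEMBERUTIL`/`DSEDITGROUP` override variables are hypothetical; the tool invocations are the ones the script already uses.

```shell
#!/bin/sh
# Added example, not code from the thread. is_admin, with_temp_admin and the
# two override variables are hypothetical names; the dsmemberutil and
# dseditgroup invocations are the ones the script above already uses.
DSMEMBERUTIL=${DSMEMBERUTIL:-/usr/bin/dsmemberutil}
DSEDITGROUP=${DSEDITGROUP:-/usr/sbin/dseditgroup}

# is_admin USER -> 0 = admin, 1 = standard user, 2 = could not tell.
# Matching the whole phrase means an unexpected message that merely contains
# "not" is reported as unknown instead of being taken for "standard user".
is_admin() {
    _out=$("$DSMEMBERUTIL" checkmembership -U "$1" -G admin 2>&1) || true
    case $_out in
        *"is not a member"*) return 1 ;;
        *"is a member"*)     return 0 ;;
        *)                   return 2 ;;
    esac
}

# with_temp_admin USER CMD [ARGS...]
# Runs CMD with USER in the admin group and removes the membership again on
# every exit path: CMD succeeding, CMD failing, or the script being signalled.
with_temp_admin() {
    _user=$1; shift
    is_admin "$_user" && _rc=0 || _rc=$?
    case $_rc in
        0) "$@"; return $? ;;   # already admin: leave the membership alone
        1) ;;                   # standard user: grant, work, revoke below
        *) echo "cannot determine admin status of '$_user'" >&2; return 2 ;;
    esac
    (
        # The subshell's EXIT trap is the single place that revokes.
        trap '"$DSEDITGROUP" -o edit -d "$_user" -t user admin' EXIT
        trap 'exit 130' HUP INT TERM
        "$DSEDITGROUP" -o edit -a "$_user" -t user admin || exit 1
        "$@"
        exit $?
    )
}

# Usage (install_coginiti is a placeholder for the real install steps):
#   with_temp_admin "$user" install_coginiti
```

A user who was already an admin before the call is never demoted, and an undeterminable status stops the run before any group change is made.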



The Coginiti Pro install runs as a script rather than a package. Our original Jamf packager stated this was done because of ongoing rights issues with the installer. 

If a standard user runs the install from Self Service, they end up with a question mark icon for the application in their dock, and the dmg file doesn't get mounted and the application doesn't get installed into /Applications folder.

Everything works correctly if user has elevated their rights prior to the install.

 




Looks like it's just a DMG from the vendor. What happens if you use Composer? Just start Composer... modified... start... then bin all the content, make an Applications folder, drag the app from the DMG to the Applications folder and make a pkg from that? Or use Simple Package Creator?

 



Thanks for your explanation, Daniel. Wound up using code like this, based on your initial info:

```bash
#!/bin/bash

# Get user
user=$(/usr/bin/who | /usr/bin/awk '/console/{ print $1 }')

# check membership
adminneeded=$(/usr/bin/dsmemberutil checkmembership -U "$user" -G admin)

# If user not elevated, display notification.
# If user is elevated, perform the installation.
if [[ "$adminneeded" == *not* ]]; then
    # User NOT elevated; show them the message
    # user is a standard user and needs to be notified to elevate before running the install.
    jh='/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper'
    jh_args=(
        -windowType hud
        -title "TITLE"
        -heading "Elevated user rights required"
        -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/com.apple.pro-display-xdr.icns
        -alignHeading left
        -button1 "OK"
        -defaultButton 1
        -description
    )
    message="Coginiti Pro requires elevated rights to install."

    # display message to user and exit the script
    "$jh" "${jh_args[@]}" "$message"
    exit 1
else
    # run the install
    :   # no-op so the branch parses until the install steps are added
fi

exit 0
```