Solved

Script works in terminal but fails when pushed from policy

  • December 13, 2018
  • 5 replies
  • 26 views


Hello,

I have a simple script that informs users that they need to enable the securetoken of the local admin account. It works perfectly when I run it locally, but fails when I deploy it via Jamf. I keep getting the error message "Script result: 20:334: execution error: No user interaction allowed. (-1713)"

My script is below:

#!/bin/bash

messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"

# Runs osascript as whoever runs the script (root when pushed from a policy)
buttonClicked=$(osascript << EOF
button returned of (display dialog "$messageToDisplay" buttons {"OK", "Cancel"} default button 1)
EOF
)

if [[ "$buttonClicked" == "OK" ]]; then
    open "jamfselfservice://content?entity=policy&id=$5&action=$6"
fi

Best answer by brndnwds6


5 replies

  • Honored Contributor
  • 330 replies
  • December 13, 2018

Scripts pushed via policy run as root. So root would need to be logged in for the finder to display that dialog.

You probably want to alter the script so you are either directly instructing the SystemUIServer to display the dialog (that way it will pop up for any open UI instance) or have it run as the current logged in user.


  • Contributor
  • 475 replies
  • December 13, 2018

This might work, a few issues with your script but I think I might have fixed them.

#!/bin/bash

messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"

# Inner double quotes are escaped so they reach AppleScript intact
buttonClicked=$(/usr/bin/osascript -e "button returned of (display dialog \"$messageToDisplay\" buttons {\"Cancel\", \"OK\"} default button 2)")

if [[ "$buttonClicked" == "OK" ]]; then
    open "jamfselfservice://content?entity=policy&id=$policyToExecute&action=$policyAction"
fi

exit 0

richardbm42uk
  • New Contributor
  • 1 reply
  • December 14, 2018

Firstly test your script with sudo to see if it works as root. If you find it doesn't, then you can add

thisUser=$(stat -f%Su /dev/console)
su - "$thisUser" -c '

Your script

'

to run it as the logged in user - which when dealing with UI stuff and AppleScript is usually quite a good idea anyway!

Otherwise, have a look in System Preferences > Security & Privacy > Privacy
See if there's something that Terminal's able to access for your machine that's not enabled on the test machine.

Hopefully this might be useful


  • Author
  • Contributor
  • 30 replies
  • Answer
  • December 14, 2018

Thank you everyone,

I was able to resolve the issue by specifying the loggedInUser "$(stat -f%Su /dev/console)", userUID "$(id -u ${loggedInUser})" and by using "/bin/launchctl asuser" in combination with "sudo -iu $loggedInUser". My script is now working properly. Please see below:

#!/bin/bash

messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"
# The owner of /dev/console is the user logged in at the GUI
loggedInUser=$(stat -f%Su /dev/console)
userUID=$(id -u "$loggedInUser")

# Run osascript inside the logged-in user's session so the dialog can be displayed
buttonClicked=$(/bin/launchctl asuser "$userUID" sudo -iu "$loggedInUser" /usr/bin/osascript << EOF
button returned of (display dialog "$messageToDisplay" buttons {"OK", "Cancel"} default button 1)
EOF
)

if [[ "$buttonClicked" == "OK" ]]; then
    sudo -iu "$loggedInUser" open "jamfselfservice://content?entity=policy&id=$5&action=$6"
fi

Hope this helps someone in the future!
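
An added example, not part of the original post and not Jamf's own code: the same run-as-console-user approach with the guards a root-run policy script benefits from. It skips the prompt when no real user owns the console, hands the message to osascript as an argument instead of interpolating it into AppleScript source, and builds the Self Service URL only from a numeric ID and an allow-listed action. The function names and the view/execute allow-list are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the thread). Jamf passes custom policy parameters from $4 on.

# Reject console owners that are not a real GUI session (names are an assumed list).
is_real_console_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the Self Service URL only from a numeric policy ID and a known action,
# so a parameter such as "42&action=execute" cannot rewrite the query string.
selfservice_url() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    case "$2" in view|execute) ;; *) return 1 ;; esac
    printf 'jamfselfservice://content?entity=policy&id=%s&action=%s\n' "$1" "$2"
}

prompt_and_open() {
    message="$1"
    url=$(selfservice_url "$2" "$3") || { echo "bad policy id or action" >&2; return 2; }
    user=$(stat -f%Su /dev/console)
    is_real_console_user "$user" || { echo "no user at console, skipping" >&2; return 0; }
    uid=$(id -u "$user")
    # The message travels as argv, so quotes in it cannot alter the AppleScript.
    # Cancel makes osascript exit non-zero; treat that as "do nothing".
    button=$(/bin/launchctl asuser "$uid" sudo -u "$user" /usr/bin/osascript \
        -e 'on run argv' \
        -e 'button returned of (display dialog (item 1 of argv) buttons {"Cancel", "OK"} default button 2)' \
        -e 'end run' -- "$message") || return 0
    if [ "$button" = "OK" ]; then
        /bin/launchctl asuser "$uid" sudo -u "$user" /usr/bin/open "$url"
    fi
}

# Only act when Jamf supplied parameter 4 (the message).
if [ -n "${4:-}" ]; then
    prompt_and_open "$4" "$5" "$6"
fi
```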


mm2270
  • Legendary Contributor
  • 7886 replies
  • December 14, 2018

I realize you already found a solution, which is great! But I wanted to mention that you shouldn't need to use AppleScript for this. There's nothing in this that requires it to be AppleScript, such as choose from list or something. It's just a simple dialog with buttons. If you switch it to jamfHelper, you should have an easier time with it. Example:

#!/bin/bash

messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"

buttonClicked=$("/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -description "$messageToDisplay" -button1 OK -button2 Cancel -defaultButton 1)

if [[ "$buttonClicked" == "0" ]]; then
    open "jamfselfservice://content?entity=policy&id=$policyToExecute&action=$policyAction"
fi

exit 0

That said, you might still need to add that sudo -iu $loggedInUser in front of the open command or it may not work due to the policy being run as root and all.