Jamf Nation Community

gloper1977 · ‎11-04-2022

I am trying to create a Policy that copies an alias to the Desktop. I used composer to put the file in /Users/Shared and then a bash script that copies it to the desktop use the command "cp -R "/Users/Shared/IBM/IBM i Access" ~/Desktop". The alias is there but it is broken. If I go to /Users/Shared and try it from there it works just fine. It seems like it gets broken in the copy process. What am I doing wrong?

AJPinto · ‎11-07-2022

You need a variable to tell the command where the files need to go. ~/Desktop is the desktop for the currently logged in user, when JAMF is running the script that will be root so the path is being filled as "/users/root/desktop" hence your problems.

If this script will only be run from JAMF itself (not a part of a package or locally run) you can just use jamf parameters, "/users/$3/desktop" and JAMF will sort out the logged in user for you.

$1 = Mount point of the target drive. This is / if you're booted to the
target or /Volumes/targetDrive if you're not booted to it.
$2 = the computer name
$3 = the current user's shortname. If no one is logged in, $3 will be empty.

If you want to shove this in a package you will need an array to make the variable. Something like this should work fine, just keep in mind it wont work if no one is logged in.

#!/bin/bash


########################################################################
# Script Name: 
# Author: 
# Date: 
# Enhancements
# Comments:
########################################################################


#*=============================================================================
#*Defining Variables
#*=============================================================================

#----------------------DEFINE LOGGED IN USER----------------------------------#
#Stuff to figure out who is logged in
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
#Echo the logged in user so it will show in the policy logs
echo "User recognized as $loggedInUser"
#----------------------DEFINE LOGGED IN USER END------------------------------#

#function to do the thing
cp -R "/Users/Shared/IBM/IBM i Access" "/Users/$loggedInUser/desktop"

Lastly. JAMF Does not talk about this much, but there is a feature in JAMF called FUT and FEU. These flags are in JAMF Admin and JAMF > Settings > Packages. They both require the package to be a .dmg, and will not work with the .pkg format. The function is when checked JAMF will replace any user specific stuff like a file path, with the current user information on the device it is being run.

When using FEU if the file path you packaged the files in is "/Users/globper/Desktop". When I install the package JAMF will change the path automatically to "/users/AJPinto/Desktop".

If you package the files in a nonuser specific location, FUT nor FEU will work.

View solution in original post

karthikeyan_mac · ‎11-06-2022

@gloper1977 How are you fetching the current logged in user to copy the file to desktop? Policy runs as root so ~/Desktop refers to root desktop. You can try the below code. This will copy to the current logged in users desktop.

loggedinuser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
cp -R "/Users/Shared/IBM/IBM i Access" /Users/$loggedinuser/Desktop/

Thanks

gloper1977 · ‎11-07-2022

I was literally just doing ~/Desktop no calling the user. I don't generally do any to fancy in scripting. I am newer to scripting. I'll give your recommendation a try.

AJPinto · ‎11-07-2022

You need a variable to tell the command where the files need to go. ~/Desktop is the desktop for the currently logged in user, when JAMF is running the script that will be root so the path is being filled as "/users/root/desktop" hence your problems.

If this script will only be run from JAMF itself (not a part of a package or locally run) you can just use jamf parameters, "/users/$3/desktop" and JAMF will sort out the logged in user for you.

$1 = Mount point of the target drive. This is / if you're booted to the
target or /Volumes/targetDrive if you're not booted to it.
$2 = the computer name
$3 = the current user's shortname. If no one is logged in, $3 will be empty.

If you want to shove this in a package you will need an array to make the variable. Something like this should work fine, just keep in mind it wont work if no one is logged in.

#!/bin/bash


########################################################################
# Script Name: 
# Author: 
# Date: 
# Enhancements
# Comments:
########################################################################


#*=============================================================================
#*Defining Variables
#*=============================================================================

#----------------------DEFINE LOGGED IN USER----------------------------------#
#Stuff to figure out who is logged in
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
#Echo the logged in user so it will show in the policy logs
echo "User recognized as $loggedInUser"
#----------------------DEFINE LOGGED IN USER END------------------------------#

#function to do the thing
cp -R "/Users/Shared/IBM/IBM i Access" "/Users/$loggedInUser/desktop"

Lastly. JAMF Does not talk about this much, but there is a feature in JAMF called FUT and FEU. These flags are in JAMF Admin and JAMF > Settings > Packages. They both require the package to be a .dmg, and will not work with the .pkg format. The function is when checked JAMF will replace any user specific stuff like a file path, with the current user information on the device it is being run.

When using FEU if the file path you packaged the files in is "/Users/globper/Desktop". When I install the package JAMF will change the path automatically to "/users/AJPinto/Desktop".

If you package the files in a nonuser specific location, FUT nor FEU will work.

gloper1977 · ‎11-07-2022

This is excellent information, thank you very much. I will get to playing with it. It isn't a critical item right now, kind of a nice to have app deployment.

AJPinto · ‎11-07-2022

You are very welcome. I like to keep a dump of something I call "script snips" which is just common things I use in a lot of scripts. The user identification function is something I use a lot as I don't likely to rely on JAMF Parameters so I can use things outside of JAMF if needed. You would be amazed how often it becomes relevant to know who is logged in for something.

gloper1977 · ‎11-07-2022

With a combination of your suggestions and realizing the permissions issues with the pkg I have it working successfully thanks for your help.

gloper1977 · ‎11-07-2022

I also found that the pkg I created didn't have everyone permissions on the files. I had to edit the permissions and recreate the pkg.

mm2270 · ‎11-08-2022

In addition to the proposed solutions above, which is the right approach to take, I just wanted to point out that it's possible to create a real alias, not a symlink which isn't the same thing, using scripting, to point to anything that exists on the file system and can even be named (the alias) on the fly as it's being created.

However, it can only really be done using Applescript, which in the context of using scripts in Jamf, means calling osascript. This is perfectly fine, but to use it in today's macOS you typically have to deploy a PPPC profile to allow osascript to access things like the user's folders and to call processes like system events. But, I've done it in scripts, created aliases I mean, so I know it's possible.

If you're wondering why even bother to script something like this, well, to avoid having to create packages for one. No need to pre-create anything and pull it into Composer, create a PKG or DMG, upload it, etc etc. Plus, a single script can be used to create different alias, by replacing some hardcoded elements with script parameters and passing those down to it at run time, so it's flexible if you needed it for more than a single use.

Jamf Nation Community

Alias broken when copied to Desktop