Applescript with "do shell script 'chown...'" fails

Contributor III

Running 9.81, and trying to place an Applescript in Self Service that at one point runs:

do shell script "chown -R " & user_name & ":admin /Users/" & user_name & "" with administrator privileges

This portion of the script runs successfully when testing from Script Editor, but as soon as I test from a Self Service policy it fails without any usable error code.

I created a test Self Service policy that exclusively runs this command (as a shell script within an Applescript) and it still fails - I even removed the variable username and just put a username there in plain text. This command runs fine as a shell script in a Self Service policy - it's just when it is within an Applescript that it fails. I'm at a loss for why it works in Script Editor but not as a Self Service policy other than maybe something to do with the user the Self Service policy runs as...

I would just break this piece out into a separate shell script, but I'm passing around variables that are much more practical to contain all in one AppleScript script. Anyone else have any ideas on this - or run into something similar with chown's stubbornness when run within an Applescript?


Legendary Contributor III

Hi. Just a quick guess, but you may not need to include the with administrator privileges section in the AS call. When a policy is run from Self Service, it should already be running any scripts and/or commands as root or at least in an elevated fashion. Have you tried running it from Self Service without that administrator privileges section? If not, try that and see how it works.

Honored Contributor II
Honored Contributor II

A few things...

First, no need to have AppleScript call a shell script in Self Service if this is the only thing it's doing. You could simply use a shell script.

Looks like you may be following the command with an ampersand to let it continue running in the background. Yes? If so, the ampersand needs to be inside your quotes.

When calling a shell script from within AppleScript, I find it easier to assign the entire shell command to a variable and then call the variable.

set myCommand to "chown -R " & user_name & ":admin /Users/" & user_name & " &" as string
-- the command should look like "chown -R mmoose:admin /Users/mmoose &"
-- display dialog myCommand
do shell script myCommand

I've added a "display dialog" command in the script (commented from running) that should show you the command. Viewing the command like this is handy for troubleshooting.

Contributor III

Removing "with administrator privileges" unfortunately did not have any impact.

This particular script performs about 400 lines of additional actions for our workstation refresh - which is why the shell command is embedded within an Applescript rather than just using a shell script. For now I am using "log" throughout the script to get it to print text to the JSS policy log for easier identification of when/where the script is tripping up, which is how I've isolated things down to this command being the culprit of my overall Applescript failing.

I went back and tried running this again without the username as a variable and it worked! So something like this will run successfully:

set changeOwnership to "sudo chown -R fakeUserName:admin /Users/fakeUserName" as string
do shell script changeOwnership with administrator privileges

But something like my original example, where the username and folder path are populated with my user_name variable, fails.

So it seems that for some reason passing the variable into the command is where it is failing. I've tried explicating setting all of variables in this part of the script as strings and also not setting the variable type, and that hasn't made a difference either way. The weird thing is I have other shell commands inside of this Applescript that are also using variables and they work fine. Printing to the log shows that it is indeed applying the correct text to the user_name variable in the command string, but the chown command still fails to actually run.

I have not tried putting an ampersand at the end of the command to let it run in the background yet, so I'll give that a whirl...

Honored Contributor II
Honored Contributor II

Is user_name setting correctly? You could try do shell script "echo " & user_name somewhere in the script to see what user is being reported. The echo output should be added to the policy log.

Contributor III

Yeah I'm logging the variable to the JSS log with the "log" command to verify it is correct. I even log the entire command string prior to running it, and it logs correctly every time:

Example of script

set ownershipChange to "sudo chown -R " & user_name & ":admin /Users/" & user_name & " &" as string
                        log "Running " & ownershipChange & "..."
                        do shell script ownershipChange with administrator privileges

Example output to the log:

"Running sudo chown -R caroldanvers:admin /Users/caroldanvers..."

Honored Contributor II
Honored Contributor II

You could do a quick echo $? immediately after the command to see what exit code it gives you.