Autolaunch webpage from policy on recurring check in errors

mssaffan
New Contributor II

Hi All,

I've been trying to get the JSS to autolaunch a web page from policy on both log in and recurring check in once per user per computer.

I've tried using both the open command and a Python script. Both work when run locally. And confusingly both also work when run via policy on log in. However they error most of the time when run using recurring check in, and ALWAYS error on recurring check in when Safari is not already open. Safari tries to open and then stops responding and must be force quit.

I'm a beginner at scripting so any help would be appreciated.

!/bin/sh

open -a /Applications/Safari.app/ -n "OurURL.com"
error Script exit code: 1 Script result: LSOpenURLsWithRole() failed with error -10810 for the URL ourURL.com.
31:82: execution error: An error of type -10810 has occurred. (-10810)

!/usr/bin/python

import webbrowser
webbrowser.open_new("OurURL.com")
error Script exit code: 0 Script result: 2017-01-17 11:43:54.067 osascript[11078:103603] CFPasteboardRef CFPasteboardCreate(CFAllocatorRef, CFStringRef) : failed to create global data
2017-01-17 11:43:54.068 osascript[11078:103603] CFPasteboardRef CFPasteboardCreate(CFAllocatorRef, CFStringRef) : failed to create global data
2017-01-17 11:43:54.069 osascript[11078:103603] CFPasteboardRef CFPasteboardCreate(CFAllocatorRef, CFStringRef) : failed to create global data
2017-01-17 11:43:54.069 osascript[11078:103603] CFPasteboardRef CFPasteboardCreate(CFAllocatorRef, CFStringRef) : failed to create global data
2017-01-17 11:43:54.071 osascript[11078:103603] CFPasteboardRef CFPasteboardCreate(CFAllocatorRef, CFStringRef) : failed to create global data
2017-01-17 11:43:54.072 osascript[11078:103603] CFPasteboardRef CFPasteboardCreate(CFAllocatorRef, CFStringRef) : failed to create global data

7 REPLIES 7

thoule
Valued Contributor II

First, the open command can take a URL directly (open https://mywebsite.edu). However what you are running into is how the root user is not allowed (by Apple) to interact with the user session. There are plenty of discussions on this topic on this forum. Look for running scripts as the user. Sadly, none of those solutions are easy or reliable.

mssaffan
New Contributor II

Great thanks for your input.

On searching the forums I found a topic on something similar, but it wasn't about recurring check in.

Any idea why it works fine on log in but not recurring check in?

mm2270
Legendary Contributor III

Because "log in" runs items in the user context, but with elevated privileges. "Recurring check-in" is kicked off by the jamf LaunchDaemon which runs everything as root. Hence the difference in the results. As @thoule pointed out, if this needs to run as Recurring check-in, you'll need to script it to run the open command in the user context for it to work correctly.

mssaffan
New Contributor II

Great, I'll give it a shot. Thanks!!

iJake
Valued Contributor

Here is a handy function that will handle running a command in the user context for you.

launchApp()
{
su - "$1" -c "$2"
echo "Launching app: $2 as user: $1..."
}

and the usage is:

launchApp "USERNAME" "COMMAND"

Look
Valued Contributor III

Here is a rather dated Bash script I wrote that kinda does the same thing, although it just uses the default browser rather than specifically using Safari. It waits for a user and Finder before attempting with code that could really be cleaned up but it still works at least as a login policy.

#!/bin/bash
The_URL="$4"
(
RunCount=0
Limit=30
Current_User="NONE_NADA_ZIP"
while [[ -z "$(ps -c -u $Current_User | awk /Finder/)" ]]  && [[ "$RunCount" -lt "$Limit" ]]; do
let RunCount=$RunCount+1
sleep 2
Current_User=$(stat -f%Su /dev/console)
done
if [ "$The_URL" ] && [ "$(ps -ax -u $Current_User | awk '/Finder/ && !/awk/')" ]; then
sleep 1
/usr/bin/osascript<<END
tell application "Finder"
open location "$The_URL"
end tell
END
fi 
) &

mssaffan
New Contributor II

after searching I tried the following. It worked inconsistently on check in and as stated I'm a bit of a beginner so I'm not sure it's correct. In the end my company decided they just wanted it on log in anyways. So the other simple scripts we created initially work fine.

Thanks again!

#!/bin/bash

currentuser=$(/bin/ls -la /dev/console | /usr/bin/cut -d ' ' -f 4)
sudo -u $currentuser open "https://www.ourURL.com"