Skip to main content
Solved

Calling custom-trigger from script

  • September 20, 2017
  • 3 replies
  • 0 views

Forum|alt.badge.img+15

We have a script which I'm attempting to run once a week via a launchd task. Launchd appears to be working normally, script launches, but at the end of the script it calls a JSS policy via a custom trigger. This portion of the script appears to be failing. If I run the script manually, it tells me "There was an error. This application must be run as root. Try the sudo command." Running with sudo produces the desired result.

What is the best-practice in terms of having launchd execute the script with admin/root privileges?

My launch daemon plist is in /Library/LaunchDaemons, ownership set to root:wheel, -rw-r--r--

Script itself is located in /Library/Application Support/JAMF/Scripts, and similarly, root wheel -rwxr-xr-x

It appears that the "jamf -policy -event <trigger> command in the script is where it is asking for sudo - what is the best way to make this run correctly when triggered by launchd?

Best answer by mm2270

LaunchDaemons always run with root privileges. There's nothing to do to make that happen, so that isn't the reason it's failing. Plenty of us use LaunchDaemons to run root level tasks or scripts with root. In fact, the "Recurring Check-in" trigger is really just being run by one of the Jamf LaunchDaemons. It just calls /usr/local/jamf/bin/jamf policy -randomDelaySeconds <integer>

It's possible it's not working because the script itself doesn't use the full path to the jamf binary. Edit the script to either locate the path to the jamf binary, or just hardcode it in. Unload and reload the LaunchDaemon and try it again.

View original
Did this topic help you find an answer to your question?

3 replies

mm2270
Forum|alt.badge.img+16
  • Legendary Contributor
  • 7880 replies
  • Answer
  • September 20, 2017

LaunchDaemons always run with root privileges. There's nothing to do to make that happen, so that isn't the reason it's failing. Plenty of us use LaunchDaemons to run root level tasks or scripts with root. In fact, the "Recurring Check-in" trigger is really just being run by one of the Jamf LaunchDaemons. It just calls /usr/local/jamf/bin/jamf policy -randomDelaySeconds <integer>

It's possible it's not working because the script itself doesn't use the full path to the jamf binary. Edit the script to either locate the path to the jamf binary, or just hardcode it in. Unload and reload the LaunchDaemon and try it again.


Forum|alt.badge.img+15
  • Author
  • Valued Contributor
  • 382 replies
  • September 20, 2017

I owe you one, again. Full path makes perfect sense, just hadn't occurred to me. I'll make the change and test.


Forum|alt.badge.img+15
  • Author
  • Valued Contributor
  • 382 replies
  • September 22, 2017

Apologies for the delay, but wanted to say "thanks again" @mm2270

"jamf policy -event <trigger>" hung the script every time, "/usr/local/jamf/bin/jamf policy -event <trigger>" works exactly as intended.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings