Posted on 03-02-2018 08:00 AM
Hi All,
I was utilizing the logout script featured in this discussion (https://www.jamf.com/jamf-nation/discussions/9902/forcing-logout-to-kick-off-filevault2) for enabling FileVault2.
## Get the logged in user's name
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
## Get the PID of the logged in user
loggedInPID=$( ps -axj | awk "/^$loggedInUser/ && /Dock.app/ {print $2;exit}" )
## Use the above to run Applescript command to logout using keystroke commands
/bin/launchctl bsexec "${loggedInPID}" sudo -iu "${loggedInUser}" "/usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'"
I am noticing that this script is now unsuccessful in High Sierra with the following error:
Script exit code: 127 Script result: -bash: /usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}': No such file or directory Error running script: return code was 127.
Running each line individually from the shell is successful. The error is only present when packaging as a script. I've confirmed that /usr/bin/osascript is present for these users.
Can anyone think of any changes in High Sierra that may prevent this from working? OR maybe a more elegant way to accomplish a logout in High Sierra?
Thanks!
Posted on 03-02-2018 08:23 AM
/bin/launchctl bsexec
hasn't worked since around 10.10. You need to use /bin/launchctl asuser
. A couple of other important tidbits. I eventually figured out was that the command it's running shouldn't be contained in quotes anymore, like it needed back when we used to use bsexec. Lastly, instead of getting a logged in PID, get a logged in user UID. So, change the above to look like this:
## Get the logged in user's name
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
## Get the UID of the logged in user
loggedInUID=$(id -u "$loggedInUser")
## Use the above to run Applescript command to logout using keystroke commands
/bin/launchctl asuser "${loggedInUID}" sudo -iu "${loggedInUser}" /usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'
Give that a try and see if it works.
One other point, you might want to consider seeing if an applescript event call would work better for you.
/usr/bin/osascript -e 'tell application "loginwindow" to «event aevtrlgo»
Posted on 03-02-2018 10:30 AM
Thanks for the response. I must admit, I copy/pasted from that article without including the fact that I did adjust to 'asuser'
I was however, missing the curly braces outside of loggedInUID. I just had success on a test machine with that change and am having a few more users test. I think this may do it. Thank you for your help!
Posted on 03-02-2018 10:35 AM
I doubt the missing curly brackets was the issue. I've used similar commands without the curly braces and never had an issue. Not sure what else may have been at fault, but glad you got it working anyway.
Posted on 03-05-2018 09:26 AM
Interesting. So after adding the curly brackets (and missing " " around loggedInUID) the script no longer works on El Capitan. I get the following error:
Script result: 4:4: syntax error: Expected expression but found end of script. (-2741)<br/>
Here is a shot of that code that successfully works on High Sierra but not El Capitan:
## Get the logged in user's name
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
## Get the UID of the logged in user
loggedInUID=$(id -u "$loggedInUser")
## Use the above to run Applescript command to logout using keystroke commands
/bin/launchctl asuser "${loggedInUID}" sudo -iu "${loggedInUser}" /usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'
Will there be a specific syntax that works for both OS versions? Or will I need to implement some logic to detect the OS version?
Posted on 03-05-2018 01:55 PM
I don't remember where I picked this up, but I've been using a heredoc to redirect the osascript into the user's shell. For example:
/usr/bin/su "${loggedInUser}" <<'ENDOFLINE'
/usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'
ENDOFLINE
Posted on 03-05-2018 02:00 PM
@jon.mann I tested this on both a 10.12.6 and 10.13.3 system and they both seemed to work for me. This is only part of the larger script of course.
/bin/launchctl asuser $loggedInUID sudo -iu "$loggedInUser" /usr/bin/osascript -e 'tell application "loginwindow" to «event aevtrlgo»'
Posted on 04-17-2020 07:19 AM
I've been using the same launchctl asuser
setup and it works well right now on 10.15.4.
get_current_user() {
# Grab current logged in user
printf '%s' "show State:/Users/ConsoleUser" |
/usr/sbin/scutil |
/usr/bin/awk '/Name :/ && ! /loginwindow/ {print $3}'
}
get_current_user_uid() {
# Check to see if the current console user uid is greater than 501
# Loop until either the 501 or 502 user is found.
# Get the current console user again
current_user="$1"
CURRENT_USER_UID=$(/usr/bin/dscl . -list /Users UniqueID |
/usr/bin/grep "$current_user" |
/usr/bin/awk '{print $2}' |
/usr/bin/sed -e 's/^[ ]*//')
while [ $CURRENT_USER_UID -lt 501 ]; do
logging "" "Current user is not logged in ... WAITING"
/bin/sleep 1
# Get the current console user again
current_user="$(get_current_user)"
CURRENT_USER_UID=$(/usr/bin/dscl . -list /Users UniqueID |
/usr/bin/grep "$current_user" |
/usr/bin/awk '{print $2}' |
/usr/bin/sed -e 's/^[ ]*//')
if [ $CURRENT_USER_UID -lt 501 ]; then
logging "" "Current user: $current_user with UID ..."
fi
done
printf "%s
" "$CURRENT_USER_UID"
}
message_to_user() {
# Display an osascript message dialog back to the user based on provided input.
#
# "$NAME" - name of the app defined above.
# "$ICON_PATH" - path to icon image being displayed in the dialog. Defined above.
message="$1"
cu="$(get_current_user)"
cu_uid="$(get_current_user_uid $cu)"
logging "debug" "CU: $cu"
logging "debug" "UID: $cu_uid"
# Display message using Apple script.
/bin/launchctl asuser "$cu_uid" sudo -u "$cu" --login /usr/bin/osascript -e 'display dialog "'"$message"'" with title "'"$NAME"' Update Ready" buttons {"OK", "Cancel"} default button 1 with icon file "tmp:'$ICON_NAME'"'
}