Calling osascript not working in High Sierra

jon_mann
New Contributor III

Hi All,

I was utilizing the logout script featured in this discussion (https://www.jamf.com/jamf-nation/discussions/9902/forcing-logout-to-kick-off-filevault2) for enabling FileVault2.

## Get the logged in user's name
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
## Get the PID of the logged in user
loggedInPID=$( ps -axj | awk "/^$loggedInUser/ && /Dock.app/ {print $2;exit}" )

## Use the above to run Applescript command to logout using keystroke commands
/bin/launchctl bsexec "${loggedInPID}" sudo -iu "${loggedInUser}" "/usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'"

I am noticing that this script is now unsuccessful in High Sierra with the following error:

Script exit code: 127 Script result: -bash: /usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}': No such file or directory Error running script: return code was 127.

Running each line individually from the shell is successful. The error is only present when packaging as a script. I've confirmed that /usr/bin/osascript is present for these users.

Can anyone think of any changes in High Sierra that may prevent this from working? OR maybe a more elegant way to accomplish a logout in High Sierra?

Thanks!

7 REPLIES 7

mm2270
Legendary Contributor II

/bin/launchctl bsexec hasn't worked since around 10.10. You need to use /bin/launchctl asuser. A couple of other important tidbits. I eventually figured out was that the command it's running shouldn't be contained in quotes anymore, like it needed back when we used to use bsexec. Lastly, instead of getting a logged in PID, get a logged in user UID. So, change the above to look like this:

## Get the logged in user's name
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
## Get the UID of the logged in user
loggedInUID=$(id -u "$loggedInUser")

## Use the above to run Applescript command to logout using keystroke commands
/bin/launchctl asuser "${loggedInUID}" sudo -iu "${loggedInUser}" /usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'

Give that a try and see if it works.

One other point, you might want to consider seeing if an applescript event call would work better for you.

/usr/bin/osascript -e 'tell application "loginwindow" to «event aevtrlgo»

jon_mann
New Contributor III

Thanks for the response. I must admit, I copy/pasted from that article without including the fact that I did adjust to 'asuser'

I was however, missing the curly braces outside of loggedInUID. I just had success on a test machine with that change and am having a few more users test. I think this may do it. Thank you for your help!

mm2270
Legendary Contributor II

I doubt the missing curly brackets was the issue. I've used similar commands without the curly braces and never had an issue. Not sure what else may have been at fault, but glad you got it working anyway.

jon_mann
New Contributor III

Interesting. So after adding the curly brackets (and missing " " around loggedInUID) the script no longer works on El Capitan. I get the following error:
Script result: 4:4: syntax error: Expected expression but found end of script. (-2741)<br/>

Here is a shot of that code that successfully works on High Sierra but not El Capitan:

## Get the logged in user's name
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
## Get the UID of the logged in user
loggedInUID=$(id -u "$loggedInUser")

## Use the above to run Applescript command to logout using keystroke commands
/bin/launchctl asuser "${loggedInUID}" sudo -iu "${loggedInUser}" /usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'

Will there be a specific syntax that works for both OS versions? Or will I need to implement some logic to detect the OS version?

blinvisible
Contributor

I don't remember where I picked this up, but I've been using a heredoc to redirect the osascript into the user's shell. For example:

/usr/bin/su "${loggedInUser}" <<'ENDOFLINE'
/usr/bin/osascript -e 'tell application "System Events" to keystroke "q" using {command down, option down, shift down}'
ENDOFLINE

mm2270
Legendary Contributor II

@jon.mann I tested this on both a 10.12.6 and 10.13.3 system and they both seemed to work for me. This is only part of the larger script of course.

/bin/launchctl asuser $loggedInUID sudo -iu "$loggedInUser" /usr/bin/osascript -e 'tell application "loginwindow" to «event aevtrlgo»'

captam3rica
New Contributor III

I've been using the same launchctl asuser setup and it works well right now on 10.15.4.

get_current_user() {
    # Grab current logged in user
    printf '%s' "show State:/Users/ConsoleUser" | 
        /usr/sbin/scutil | 
        /usr/bin/awk '/Name :/ && ! /loginwindow/ {print $3}'
}


get_current_user_uid() {
    # Check to see if the current console user uid is greater than 501
    # Loop until either the 501 or 502 user is found.

    # Get the current console user again
    current_user="$1"

    CURRENT_USER_UID=$(/usr/bin/dscl . -list /Users UniqueID | 
        /usr/bin/grep "$current_user" | 
        /usr/bin/awk '{print $2}' | 
        /usr/bin/sed -e 's/^[ 	]*//')

    while [ $CURRENT_USER_UID -lt 501 ]; do
        logging "" "Current user is not logged in ... WAITING"
        /bin/sleep 1

        # Get the current console user again
        current_user="$(get_current_user)"
        CURRENT_USER_UID=$(/usr/bin/dscl . -list /Users UniqueID | 
            /usr/bin/grep "$current_user" | 
            /usr/bin/awk '{print $2}' | 
            /usr/bin/sed -e 's/^[ 	]*//')
        if [ $CURRENT_USER_UID -lt 501 ]; then
            logging "" "Current user: $current_user with UID ..."
        fi
    done
    printf "%s
" "$CURRENT_USER_UID"
}


message_to_user() {
    # Display an osascript message dialog back to the user based on provided input.
    #
    # "$NAME" - name of the app defined above.
    # "$ICON_PATH" - path to icon image being displayed in the dialog. Defined above.
    message="$1"

    cu="$(get_current_user)"
    cu_uid="$(get_current_user_uid $cu)"

    logging "debug" "CU: $cu"
    logging "debug" "UID: $cu_uid"

    # Display message using Apple script.
    /bin/launchctl asuser "$cu_uid" sudo -u "$cu" --login /usr/bin/osascript -e 'display dialog "'"$message"'" with title "'"$NAME"' Update Ready" buttons {"OK", "Cancel"} default button 1 with icon file "tmp:'$ICON_NAME'"'
}