Posted on 01-12-2018 03:14 AM
Hello together,
We want to create a policy which allows our employees to connect to the smb via Self Service. I have already gathered some information and put this script together:
#!/bin/sh
#This script mounts and opens a smb
#Unmount the drive if there is already a mounted drive
diskutil unmount /Volumes/SelfService
#Remove the directory if there is a leftover (removes possible ghost drives)
rm -rf /Volumes/SelfService
# Mount the drive
mount_script=`/usr/bin/osascript > /dev/null << EOT
tell application "Finder"
mount volume "smb://svwsfxx/SelfService/"
end tell
EOT`
exit
This script works if I run it on my laptop, but in Self Service I get the following error:
"Self Service has encountered a problem. Quit and re-open Self Service to try again"
What am I missing?
And as I am very new to all of this, I would be grateful for answers that are easier to understand.
Posted on 01-12-2018 03:54 AM
You have to have Self Service call the script as the logged-in user. By default it calls it as root.
Posted on 01-12-2018 04:19 AM
I wrote my response while eating breakfast so sorry for the lack of syntax. If you want scripts to run as the end user instead of as root, you have to modify your script to run as someone else. While I cannot vouch for your exact script, there's no reason it should not work other than running it as the user.
I would do something akin to this if I were to use your script verbatim with only necessary changes:
#!/bin/sh
# Start by getting the active console user. I found that this python string from another guy's script does a great job of that for Self Service
user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
#This script mounts and opens a smb
#Unmount the drive if there is already a mounted drive
su $user diskutil unmount /Volumes/SelfService
#Remove the directory if there is a leftover (removes possible ghost drives)
su $user rm -rf /Volumes/SelfService
# Mount the drive
su $user mount_script=`/usr/bin/osascript > /dev/null << EOT
tell application "Finder"
mount volume "smb://svwsfxx/SelfService/"
end tell
EOT`
Again, I have not done this using your script but this construct should work...test it before passing judgement.
Posted on 01-12-2018 05:28 AM
blackholemac thank you for the response. This clarifies some of my other problems too!
I get the following error-code after executing the posted script:
Password: /usr/sbin/diskutil: /usr/sbin/diskutil: cannot execute binary file
Password: /bin/rm: /bin/rm: cannot execute binary file
This error is probably because the python script does not get recognized? Do I need to download something from python to make it work?
2018-01-12 13:54:34.123 osascript[73653:517493] kCFURLVolumeIsAutomountedKey missing for file:///Network/: Error Domain=NSCocoaErrorDomain Code=257 "The file “Network” couldn’t be opened because you don’t have permission to view it." UserInfo={NSURL=file:///Network/, NSFilePath=/Network, NSUnderlyingError=0x7fc37ae01a90 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}
2018-01-12 13:54:34.123 osascript[73653:517493] kCFURLVolumeNameKey missing for file:///Network/Servers/: Error Domain=NSCocoaErrorDomain Code=257 "The file “Servers” couldn’t be opened because you don’t have permission to view it." UserInfo={NSURL=file:///Network/Servers/, NSFilePath=/Network/Servers, NSUnderlyingError=0x7fc37ae030c0 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}
2018-01-12 13:54:34.124 osascript[73653:517493] kCFURLVolumeIsAutomountedKey missing for file:///Network/Servers/: Error Domain=NSCocoaErrorDomain Code=257 "The file “Servers” couldn’t be opened because you don’t have permission to view it." UserInfo={NSURL=file:///Network/Servers/, NSFilePath=/Network/Servers, NSUnderlyingError=0x7fc37ae033c0 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}
I got these with the old script too even though it worked.
71:71: syntax error: Expected “"” but found end of script. (-2741)
Password: bash: mount_script=: No such file or directory
su $user does not work, probably because the python part does not work?
Posted on 01-12-2018 05:40 AM
I copied the Python chunk verbatim from another working script of mine that does dock management well as a Self Service policy. I don't care whether you use it really...you just need to run the script (or its commands) as a different user.
Try this...go to the command line and paste the first line. Then for a sanity check, after the first line is successful and you are back at the prompt, paste in the second line. The python chunk should be working if it gives you the name of the user that you are logged in as.
user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
echo $user
I also looked at the su $user line...maybe you change it to sudo -u $user <your command here>
That seems to work better in my testing.
Posted on 01-12-2018 05:59 AM
This is what I use:
#!/bin/bash
#2017 Version Samuel Look
#All care no responsibility
#Mounts the requested share if it doesn't already exist; if left blank it will attempt to mount AD SMBHome
#Accepts shares in the form smb://server/share
#Intended to be run as a Login policy from Casper on AD bound machines only and has only been tested in this context.
##### Start separate process #####
(
##### SUBROUTINES #####
Share_Path_Valid() {
    if [[ -z "$Share_Path" ]]; then
        Machine_Domain=$(dscl /Active\ Directory/ -read . SubNodes | awk '{print $2}')
        #Turn the SMBHome UNC path (\\server\share) into smb://server/share
        Share_Path="$(dscl "/Active Directory/$Machine_Domain/All Domains" -read "/Users/$Current_User" SMBHome | awk '!/is not valid/' | sed -e 's/SMBHome: /smb:/g' -e 's/\\/\//g')"
    fi
    if [[ "$Share_Path" ]]; then
        logger "Sharemount:$Share_Name Path check PASS $Share_Path"
        return 0
    else
        logger "Sharemount:$Share_Name Path check FAIL"
        return 1
    fi
}
#####
User_Ready() {
    #Wait up to 60 seconds for a non-root user to own the console
    Loop_End=$((SECONDS + 60))
    Current_User=$(stat -f%Su /dev/console | awk '!/root/')
    while [[ -z "$Current_User" ]] && [[ $SECONDS -lt $Loop_End ]]; do
        sleep 10
        Current_User=$(stat -f%Su /dev/console | awk '!/root/')
    done
    if [[ "$Current_User" ]]; then
        logger "Sharemount:$Share_Name User check PASS $Current_User"
        return 0
    else
        logger "Sharemount:$Share_Name User check FAIL"
        return 1
    fi
}
#####
Finder_Ready() {
    Loop_End=$((SECONDS + 60))
    while [[ -z "$(ps -c -u "$Current_User" | awk /CoreServicesUIAgent/)" ]] && [[ $SECONDS -lt $Loop_End ]]; do
        sleep 10
    done
    if [[ "$(ps -c -u "$Current_User" | awk /Finder/)" ]]; then
        logger "Sharemount:$Share_Name Finder check PASS"
        return 0
    else
        logger "Sharemount:$Share_Name Finder check FAIL"
        return 1
    fi
}
#####
Not_Mounted() {
    #Look for a mount line that contains both the user and "/<share name> "
    if [[ -z "$(mount | awk '/'"$Current_User"'/ && /\/'"$Share_Name"' /')" ]]; then
        logger "Sharemount:$Share_Name Mount check PASS $Share_Name"
        return 0
    else
        logger "Sharemount:$Share_Name Mount check FAIL already mounted"
        return 1
    fi
}
#####
Mount_Drive() {
    #Insert the user name after the leading // (smb://server/share becomes smb://user@server/share)
    True_Path=$(echo "$Share_Path" | sed 's/\/\//\/\/'"$Current_User"'@/g')
    logger "Sharemount:$Share_Name Attempting to mount $True_Path"
    sudo -u "$Current_User" osascript -e 'mount volume "'"$True_Path"'"'
}
##### START #####
Share_Path="$4"
Share_Name="$(echo "$Share_Path" | awk -F"/" '{print $NF}')"
if User_Ready && Finder_Ready && Share_Path_Valid && Not_Mounted; then
    sleep 4
    Mount_Drive
else
    logger "Sharemount:$Share_Name Conditions not met to attempt drive mounting $Share_Path"
fi
##### End separate process #####
) &
##### FIN #####
Posted on 01-12-2018 06:49 AM
blackholemagic
I tried the echo part and got my user, your code is working! Changing the command to -u $user did also work but it does not mount the smb. I get the following error now:
Unmount successful for /Volumes/Daten
2018-01-12 15:41:43.806 osascript[82053:582161] kCFURLVolumeIsAutomountedKey missing for file:///Network/: Error Domain=NSCocoaErrorDomain Code=257 "The file “Network” couldn’t be opened because you don’t have permission to view it." UserInfo={NSURL=file:///Network/, NSFilePath=/Network, NSUnderlyingError=0x7fe6b4e80ad0 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}
2018-01-12 15:41:43.807 osascript[82053:582161] kCFURLVolumeNameKey missing for file:///Network/Servers/: Error Domain=NSCocoaErrorDomain Code=257 "The file “Servers” couldn’t be opened because you don’t have permission to view it." UserInfo={NSURL=file:///Network/Servers/, NSFilePath=/Network/Servers, NSUnderlyingError=0x7fe6b4d10dd0 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}
2018-01-12 15:41:43.808 osascript[82053:582161] kCFURLVolumeIsAutomountedKey missing for file:///Network/Servers/: Error Domain=NSCocoaErrorDomain Code=257 "The file “Servers” couldn’t be opened because you don’t have permission to view it." UserInfo={NSURL=file:///Network/Servers/, NSFilePath=/Network/Servers, NSUnderlyingError=0x7fe6b4e87650 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}
71:71: syntax error: Expected “"” but found end of script. (-2741)
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...
Do I miss permission because I try it as user now? How can I get permission without entering the user password? Because there won't be a password via Self Service?
Asnyder
Thank you for your post. I found a similar script before but was not sure where I add the smb://path/directory ...
Am I right in assuming that I need to change the share path there instead of the g?
/smb:/g' -e 's/\///g')"
Posted on 01-12-2018 06:56 AM
Under script parameters in Jamf you put it in parameter 4.
Posted on 01-12-2018 07:15 AM
I did not know about this feature. Thank you Asnyder!
I will let you guys know if I was able to make it.
Posted on 01-19-2018 06:24 AM
Hey guys,
I promised an update:
blackholemagic your script worked very well! I tried to replace open smb://... instead of Mount_Drive and it feels as if it works faster. Do you know why this is? Are there any drawbacks using open?
Posted on 01-14-2020 02:26 AM
@oddity-mdm would you mind sharing your final script? I am still getting the error message
'Script result: /usr/sbin/diskutil: /usr/sbin/diskutil: cannot execute binary file
/bin/rm: /bin/rm: cannot execute binary file
bash: mount_script=: No such file or directory'
Posted on 01-16-2020 05:30 AM
Here is the script I use to mount the user's folder.
#!/bin/bash
# Get the username of the currently logged-in user
loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
# Get the userdata share: strip the "SMBHome: " label and save the UNC path (\\server\share\user) to a temp file.
# The output is redirected to the file, so the variable itself stays empty.
userdataShare=$(dscl /Search -read "/Users/$loggedInUser" | grep -m1 SMBHome: | sed -e 's/SMBHome: //g' > /private/var/tmp/udrive.txt)
echo "$userdataShare"
# Convert the backslashes to forward slashes (//server/share/user)
udrive=$(sed 's.\\./.g' /private/var/tmp/udrive.txt)
echo "$udrive"
if [ -d "/Volumes/$loggedInUser" ]; then
    echo "<result>The drive is already mounted</result>"
    open "/Volumes/$loggedInUser"
else
    echo "Your CORP ID Number is: $loggedInUser"
    echo "Your user folder is on $udrive"
    echo "Your User drive is located at: smb:$udrive"
    # Mounting User Drive
    open "smb:$udrive"
    rm -f /private/var/tmp/udrive.txt
    echo "Mount Successful"
fi
exit 0
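The two fixes from this thread (run the mount as the console user, take the share from Jamf parameter 4), as an added example that is not any poster's code: both values are validated before use, and a leftover mount point is cleared with rmdir rather than rm -rf, which as root would delete the share's contents if the volume were still mounted. The function names are illustrative, and deriving the /Volumes name from the last URL component is an assumption.

```sh
#!/bin/sh
# Added example, not from the thread. Jamf runs policy scripts as root, so each
# input is validated before anything is executed on the console user's behalf.

# Accept only smb://host/share[/path] from a conservative character set: no
# quotes (they would end the AppleScript string) and no user:password@ prefix.
valid_share_url() {
    case "$1" in
        smb://*) ;;
        *) return 1 ;;
    esac
    rest=${1#smb://}
    case "$rest" in
        ""|/*|*//*|*[!A-Za-z0-9._%$/-]*) return 1 ;;  # empty part or bad character
        */?*) return 0 ;;                             # host and a share name
        *) return 1 ;;
    esac
}

# Reject an empty name and the owners of /dev/console when nobody is logged
# in. An empty, unquoted name makes sudo -u take the command name as the user.
valid_console_user() {
    case "$1" in
        ""|-*|root|loginwindow|_mbsetupuser|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# A leftover mount point is an empty directory with nothing mounted on it.
# rmdir refuses non-empty directories, so share contents are never deleted.
remove_stale_mountpoint() {
    [ -d "$1" ] || return 0
    if mount | grep -qF " on $1 "; then return 1; fi
    rmdir "$1"
}

mount_share_as_console_user() {
    url=${1%/}
    valid_share_url "$url" || { echo "rejected URL: $1" >&2; return 1; }
    user=$(stat -f%Su /dev/console) || return 1       # macOS stat syntax
    valid_console_user "$user" || { echo "no console user" >&2; return 1; }
    uid=$(id -u "$user") || return 1
    # Assumption: the volume appears under the last component of the URL.
    remove_stale_mountpoint "/Volumes/${url##*/}" || return 1
    launchctl asuser "$uid" sudo -u "$user" \
        /usr/bin/osascript -e "mount volume \"$url\""
}

# Jamf passes the first custom script parameter as $4.
if [ -n "${4:-}" ]; then mount_share_as_console_user "$4"; fi
```

If the share is still mounted, the function stops instead of touching the mount point; unmount it first if a remount is wanted.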