Posted on 05-09-2024 05:32 PM
I am having a little brain fart here, but I'm sure it's simple. When I run this jamf policy using the event flag from Terminal, it runs just fine (probably because it prompts for my credentials). But if I try to run it from self service, I get an error that a Terminal is required for the password.
Script:
#!/bin/bash
#Find current logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
#Runs SysDiagnose as Current User
su $loggedInUser -c "sudo /usr/bin/sysdiagnose -u -f ~/Desktop/"
Error:
I want users to have the capability to run SysDiagnose from Self Service, without it prompting for a password.
Solved! Go to Solution.
05-09-2024 05:39 PM - edited 05-09-2024 05:42 PM
Nevermind, I figured it out...
New Script:
#!/bin/bash
#Find current logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
#Runs SysDiagnose and places ZIP on User's Desktop
/usr/bin/sysdiagnose -u -f /Users/$loggedInUser/Desktop
05-09-2024 05:39 PM - edited 05-09-2024 05:42 PM
Nevermind, I figured it out...
New Script:
#!/bin/bash
#Find current logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
#Runs SysDiagnose and places ZIP on User's Desktop
/usr/bin/sysdiagnose -u -f /Users/$loggedInUser/Desktop
2 weeks ago
Thanks for posting this! I made a modification to instead store the sysdiagnose data in /usr/local/Management, a folder I create in a lot of my scripts to be a storage location. A follow up script can handle copying the file to a Mac's Jamf Pro inventory where I can download it when needed. For some things, I don't want to disturb the user.
#!/bin/bash
# Location of the Management folder
managementFolder="/usr/local/Management/"
# Create Management folder if it doesn't exist
if ! [ -d "$managementFolder" ]; then
echo "Creating Management folder"
mkdir "$managementFolder"
else
echo "Managefolder exists..."
fi
#Runs SysDiagnose and places ZIP in the Management folder
echo "Running sysdianose. Saving to $managementFolder."
/usr/bin/sysdiagnose -u -f ${managementFolder}
a week ago
Thanks for the insight! How would one download the file from the Jamf Pro inventory? I typically am ok with the sysdiagnose going to the desktop, as I would only be doing that while working with the user. But it's interesting to figure out how to download the file later.
a week ago - last edited a week ago
My policy uses the script that I posted above with the "Before" priority and this script that I got from Github with the "After" priority. I modified the script from https://github.com/kc9wwh/logCollection/blob/master/logCollection.sh. It's below. I changed it to use a bearer token and I changed the variables to work better with what I needed. I created a function called "jamfAPI_auth" that I use in every script that uses the Jamf API.
#!/bin/bash
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# Copyright (c) 2020 Jamf. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of the Jamf nor the names of its contributors may be
# used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# This script was designed to be used in a Self Service policy to allow the facilitation
# or log collection by the end-user and upload the logs to the device record in Jamf Pro
# as an attachment.
#
# REQUIREMENTS:
# - Jamf Pro
# - macOS Clients running version 10.13 or later
#
#
# For more information, visit https://github.com/kc9wwh/logCollection
#
# Written by: Joshua Roskos | Jamf
# Modified 2024-08-21 Howie Isaacks
# Added Jamf auth function, modified variables
#
# Revision History
# 2020-12-01: Added support for macOS Big Sur
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
## Variables
logFiles="$4"
## System Variables
mySerial=$( system_profiler SPHardwareDataType | grep Serial | awk '{print $NF}' )
currentUser=$( stat -f%Su /dev/console )
compHostName=$( scutil --get LocalHostName )
timeStamp=$( date '+%Y-%m-%d-%H-%M-%S' )
osMajor=$(/usr/bin/sw_vers -productVersion | awk -F . '{print $1}')
osMinor=$(/usr/bin/sw_vers -productVersion | awk -F . '{print $2}')
## Log Collection
fileName=$compHostName-$currentUser-$timeStamp.zip
zip -r /private/tmp/$fileName $logFiles
function jamfAPI_auth() {
# API login
jamfProURL="https://yourcompany.jamfcloud.com"
username="apiuser"
password="SuperDuperSecretPassword!"
# request auth token
authToken=$( /usr/bin/curl \
--request POST \
--silent \
--url "$jamfProURL/api/v1/auth/token" \
--user "$username:$password" )
# parse auth token
token=$( /usr/bin/plutil \
-extract token raw - <<< "$authToken" )
tokenExpiration=$( /usr/bin/plutil \
-extract expires raw - <<< "$authToken" )
localTokenExpirationEpoch=$( TZ=GMT /bin/date -j \
-f "%Y-%m-%dT%T" "$tokenExpiration" \
+"%s" 2> /dev/null )
}
jamfAPI_auth
echo "$token"
## Upload Log File
if [[ "$osMajor" -ge 11 ]]; then
jamfProID=$( curl -k -H "Accept: text/xml" -H "Authorization: Bearer ${token}" $jamfProURL/JSSResource/computers/serialnumber/$mySerial/subset/general | xpath -e "//computer/general/id/text()" )
elif [[ "$osMajor" -eq 10 && "$osMinor" -gt 12 ]]; then
jamfProID=$( curl -k -H "Authorization: Bearer ${token}" $jamfProURL/JSSResource/computers/serialnumber/$mySerial/subset/general | xpath "//computer/general/id/text()" )
fi
curl -k -H "Authorization: Bearer ${token}" $jamfProURL/JSSResource/fileuploads/computers/id/$jamfProID -F name=@/private/tmp/$fileName -X POST
## Cleanup
rm /private/tmp/$fileName
exit 0