Jamf Nation Community

Thanks. I thought this too. $3 does not update upon logging out as current user and logging in as another user. Also, $3 does not seem to update when a user is logged out of Self Service. Have you seen different behavior?

Thank you for the response.

@amuriello I'm not sure what you're attempting to do here. $3 absolutely is the user logged into Self Service. If I am logged into a machine as Foo and then login to Self Service as Bar, any policy that Bar triggers while in Self Service is run as Bar, not Foo.

@mscottblake Thank you for the response. I am attempting to determine the current logged in user to Self Service. You are correct that $3 is the user logged in to Self Service. However, when logging out as a user in Self Service - $3 is still set to that last logged in user. It should be null - since literally there is no user logged into Self Service at that point. Further, signing in as a different user does not update $3.

We are depending on the currently logged in user for a policy we need to run. Since $3 does not update itself reliably, I need to find another way to effectively determine this variable.

The value of $3 depends on the trigger being used to run your script:
- Self Service: $3 is the user logged into Self Service
- Login/Logout: $3 is the user logging into the OS session
- Recurring trigger: $3 is empty, regardless who and how many users are logged into the computer

Is there a specific reason you want to see who is logged into Self Service rather than who is logged into the computer?

@brandonusher Yes. In this scenario, the users logged in to Self Service are LDAP users and have no correlation to the user used to log in to the Mac. @cvgs Thanks for the reference. Please see my response above about the limitations of using $3 in Self Service.

Appreciate the responses.

As long as the policy is only able to be run if someone is logged into Self Service, then the following should work:

#!/bin/bash

# Get currently logged in user
targetUser=`who | grep console | awk '{ print $1 }'`

# Get last user that logged into Self Service
selfSvcUser=`defaults read "/Users/$targetUser/Library/Preferences/com.jamfsoftware.selfservice.plist" LastLoggedInUser`

# Output current user and last Self Service user
echo "Current User: $targetUser"
echo "Self Service User: $selfSvcUser"

By assigning Limitations for LDAP groups in the scope of the policy, you can prevent the policy from being run unless someone is logged into Self Service.

I hope this helps!

Hi,

i made a short test script to see what different values you get by running a self service policy. In my testing with Self Service 9.63 the $3 attribute was properly filled when run within a Self Service policy and logging in and out of Self Service. But i still may misunderstand when and how exactly you try to reference $3.

However, you can get up to 4 different user names (try it by using Casper Screen Sharing to connect to a virtual desktop on the target machine and then logging into Self Service):

User: casperscreensharing
User (LoginWindow): johndoe
User (Self Service): casperadmin
User (Last Self Service): johndoe_admin

This is the test script for use within a Self Service policy:

#!/bin/bash

JAMF_HELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
JAMF_ICONS="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/Resources"
COMPUTER_NAME="${2}"
USER_NAME="${3}"
CONSOLE_USER_NAME="$(/usr/bin/stat -f "%Su" /dev/console)"
LOGINWINDOW_USER_NAME=$( ps aux|grep "loginwindow [c]onsole"|grep -v "^root"|head -n 1|awk '{print $1}' )

USER_STRING="User: ${CONSOLE_USER_NAME}"
if [[ "${LOGINWINDOW_USER_NAME}" != "${CONSOLE_USER_NAME}" ]]; then
    USER_STRING="${USER_STRING}
User (LoginWindow): ${LOGINWINDOW_USER_NAME}"
fi
if [[ "${USER_NAME}" != "${CONSOLE_USER_NAME}" ]]; then
    USER_STRING="${USER_STRING}
User (Self Service): ${USER_NAME}"
fi
if [[ -n "${CONSOLE_USER_NAME}" ]]; then
    LAST_SELF_USER_NAME="$( defaults read "/Users/${CONSOLE_USER_NAME}/Library/Preferences/com.jamfsoftware.selfservice.plist" LastLoggedInUser )"
    if [[ "${LAST_SELF_USER_NAME}" != "${CONSOLE_USER_NAME}" ]]; then
        USER_STRING="${USER_STRING}
User (Last Self Service): ${LAST_SELF_USER_NAME}"
    fi
fi

USER_MESSAGE="Computer: ${COMPUTER_NAME}
${USER_STRING}"

echo "${USER_MESSAGE}"
HELPER_RESULT=$( "${JAMF_HELPER}" 
    -windowType utility 
    -title "Support Data" 
    -description "${USER_MESSAGE}" 
    -icon "${JAMF_ICONS}/Message.png" 
    -button1 "OK" 
    -defaultButton 1 
    -startlaunchd 2>/dev/null )

exit ${HELPER_RESULT}

@cvgs Thank you for the script. Very helpful in testing the $3 behavior. When logging in and then immediately logging out of self service and running the script, you will notice that $3 still hangs on to its last value, when it should update to "null". The value does not appear to update until the Self Service session timeout of 30 minutes occurs. Until then, quitting the app, removing preferences, etc. will not force $3 to update. I have escalated this accordingly with JAMF. Thank you again for all that responded.