Posted on 07-14-2014 06:51 AM
Hi,
I need my policy to finish and after the policy finished I want to call a shell script...let's better say just a line of code.
I've tried "AFTER" and "BEFORE" and also with a sleep-timer within...but it seems that the policy will not complete with the script in it.
Is there a chance to call the script right AFTER (not within the policy) the policy ran?
Thanks & best regards,
Dan
Posted on 07-14-2014 07:09 AM
You should be able to create a second policy with a trigger, and have the trigger be the first policy.
Posted on 07-14-2014 09:11 AM
Have you tried to run your code from the Files and Processes > Execute Command field?
That fires at the end of the policy.
Posted on 07-14-2014 09:36 AM
The only way i know to do that is to create a smart group with criteria based on the completed policy (such as a file that is now in place or app now installed) and then create a second policy against that smart group.
Posted on 07-14-2014 12:39 PM
+1 for dpertschi.
If it's a one-liner, no need to manage a script.
Posted on 07-14-2014 11:37 PM
Many thanks for your fast reply :)
Basically it is a one liner...but the one liner terminates the user session with osacript :/ so the policy does not complete.
Maybe there will have to be really a second policy.
Posted on 07-16-2014 06:03 AM
If you're trying to jump into the user session you may be running into sandboxd blocking you. Watch Console on a target machine as the policy runs and you may see it happen.
Remember that your policy scripts (and Execute Command field) run with implied sudo. You may need to actually do a script, capture the user, then do a sudo -u $user so that you're killing the user session as the user.
Something like:
#!/bin/sh
#capture the user
$user = `ls -la /dev/console | cut -d " " -f 4`
sudo -u $user run_your_command_as_the_user_here.
Posted on 07-16-2014 07:46 AM
+2 for dpertschi
Posted on 07-16-2014 07:52 AM
create a launch daemon to launch the script and pkg both that and the script in a package, load the launch daemon in the postinstall of the package , then have the script wait for jamf processes to exit so your policy gets a good exit, then let the script log out the user.
Posted on 07-16-2014 09:17 AM
*launch agent; daemons run in the root context
Posted on 07-17-2014 01:15 AM
I've tried all your suggestions...the result was nearly all the time the same ;)
What I want to do exactly:
1) Run Policy for encryption - ok status gets deferred for user xxx
2) Logout the user to start the encryption
As I get the deferred status immediately, I thought the simple logout does the job...but in reality I have to restart my computer, login and log back out.
Is there another workaround?