FUT, ownership, and permissions

dustydorey
Contributor III

OK so here goes,

I have this application that I want to use, it's a Password Expiration
Monitor that sits in the Menu Bar and displays the days until their
password expires, also if you click on it the menu has a "change
password" option and opens system prefs and takes them to the change
password. I like it, it makes our AD users' lives a little easier.
The caveat is that if you just package and install it the user still has
to launch the app and in its preferences set it to launch at login.
Not something I'd like to have them do when I'm trying to make their
lives easier. So I wrote an applescript that adds the app to their
login items for them. So then I wanted to find a way to trigger that
applescript. Launchd seemed a good way to go, so I created a User
Agent with Lingon that launches the applescript (I also added a line to
the applescript that deletes the Agent so it only runs the first time)

Well, as convoluted as this sounds, it worked well. On a machine the
first time a user logs in launchd sees the agent I created, which
launches the applescript that adds the Password Monitor to the login
items, and then deletes the Agent since it's not needed anymore.

The problem is when I build the package and select to Fill the User
Template so AD users will get that launchd agent FUT sets the
permissions to that user.

For the agent to work it needs a very specific set of permissions and
ownership. Any ideas on how to override this or have I just gone off
the deep end? I'm trying to avoid having a policy set to all of our AD
bound machines since the number of policies is getting rather
astronomical and if I could have everything contained in the app I'd be
much happier.

Is the answer a Dummy Receipt? :)

-Dusty-

Dustin Dorey

Technology Support Cluster Specialist

Independent School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971


tlarkin
Honored Contributor

Where did you put the launchd item?

/Library/LaunchAgents is for users at log in and will apply to all users

/Library/LaunchDaemons is for system wide launchd items and are run at
boot

~/Library/LaunchAgents are user specific launchd items and only launch
when that specific user logs in.



Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

dustydorey
Contributor III

Sorry, ~/Library/LaunchAgents, as I wanted it to launch for each new AD user that was created at the time of their first login. Some of our machines have more than one AD user on them. And I really didn't care if it got put in startup items for non AD users since it would then just display a diamond in the menubar.

The associated AppleScript that it launches creates a login item for the logged in user as well and then removes the agent ~/Library/LaunchAgents/com.isd19.login.plist.

-Dusty-

Dustin Dorey

Technology Support Cluster Specialist

Independent School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

Not applicable

We have an app that we load in the menu bar that users can click on and get their local ethernet and airport IP addresses. In order to launch this on all machines we use launchd. This simply points to the application to launch and is also set with the KeepAlive key set to true so that even if the user quits it, it relaunches.

Below is the launchd plist we use.

-Adam

Adam Shepard
Creighton School District
Web Developer / System Administrator
[Office 602-381-6000][Cell 602-319-8935]

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.creightonschools.ip4me</string>
    <key>KeepAlive</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/ip4me.app/Contents/MacOS/ip4me</string>
    </array>
</dict>
</plist>

dustydorey
Contributor III

I'm assuming that this is a daemon and not a user agent, is that
correct?

-Dusty-

Dustin Dorey

Technology Support Cluster Specialist

Independent School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

Not applicable

Correct, this is a daemon that we put here: /Library/LaunchDaemons/. This would also help you avoid having to use FUT and an AppleScript, which would be one less point of failure to have to troubleshoot.

dustydorey
Contributor III

Thanks for the idea, I'm going to try building it right now.

I just had it stuck in my head to add the item to the user's login items
and just kept going down that path, kind of stuck in a rut.

BTW, ever use Lingon to build your agents and daemons?

Thanks again!

-Dusty-

Dustin Dorey

Technology Support Cluster Specialist

Independent School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

Not applicable

When I got to work I looked again at my e-mails and saw that I said it was a LaunchDaemon. This would probably work but wouldn't be a good practice. You probably want a Launch Agent installed here: /Library/LaunchAgents

From the Apple web site (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/launchd.plist.5.html):

/Library/LaunchAgents Per-user agents provided by the administrator.
/Library/LaunchDaemons System wide daemons provided by the administrator.

Let me know how this works out.

-Adam
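
Added example, not part of any post in this thread: a portable shell check for the ownership and permission problem raised in the first post, usable on the agent directories named in the replies. It assumes the rule that a job plist must be owned by the expected uid (0 for /Library/LaunchAgents, the user's own uid for ~/Library/LaunchAgents) and must not be writable by group or others; the function names and AUDIT_BAD are hypothetical.

```shell
#!/bin/sh
# Added example: audit launchd job plists for ownership and mode.
# Assumed rule: owner must equal the expected uid, and the file must not be
# writable by group or others (otherwise another local account could change
# what runs at login).

# check_plist FILE EXPECTED_UID
# Prints a one-line verdict. Returns 0 = acceptable, 1 = bad, 2 = missing.
check_plist() {
    file=$1
    want_uid=$2
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 2
    fi
    # ls -ln prints the numeric owner uid in field 3 on both macOS and Linux
    owner=$(ls -lnd "$file" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "BAD-OWNER $file (uid $owner, expected $want_uid)"
        return 1
    fi
    # -perm -020 / -002 match when the group or other write bit is set
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "GROUP-OR-WORLD-WRITABLE $file"
        return 1
    fi
    echo "OK $file"
    return 0
}

# audit_dir DIR EXPECTED_UID
# Checks every *.plist in DIR, leaves the failure count in AUDIT_BAD,
# and returns 0 only when every plist passed.
audit_dir() {
    dir=$1
    want=$2
    AUDIT_BAD=0
    for p in "$dir"/*.plist; do
        [ -e "$p" ] || continue          # directory has no plists
        check_plist "$p" "$want" || AUDIT_BAD=$((AUDIT_BAD + 1))
    done
    [ "$AUDIT_BAD" -eq 0 ]
}

# Typical calls:
#   audit_dir /Library/LaunchAgents 0
#   audit_dir "$HOME/Library/LaunchAgents" "$(id -u)"
```

Run it from a package postflight script or a login hook to confirm that a Fill User Template step has not left the agent with an owner or mode different from the one intended.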