Jamf Nation Community

Permalink · ‎05-07-2009

Hello,

I was looking for a command that I could use to verify that a user is logged onto their machine before a policy is run (as opposed to a machine being on, but sitting at the login screen)

I want to make sure that they are logged in so they are sure to get the messaging that this policy has run.

I am imagining something like the following:

If any user is logged in (except for our 2 admin accounts whose name I can specify)

Execute jamf policy -trigger "custom trigger"

Else quit.

Does anyone have an idea on the scripting for this?

Thanks very much,
Matt Oclassen

Desktop Systems Specialist
salesforce.com

tlarkin · ‎05-07-2009

Are these accounts local or part of a directory?

This could be easily done a few different ways. First and foremost I
suggest anyone who manages Macs to keep their local admin accounts
hidden, in like /private/var for example. That way it keeps them out of
the /Users directory. Then all of your policies in place for your
managed users can loop through the /users directory. Since the admin
accounts won't be there you won't loop them out at all.

I kind of just came up with a quick way to do this, probably not that
efficient and someone who is a better script writer may want to try it.

#!/bin/bash

#get current user logged in

current_user=finger -lp | grep Directory | cut -c 19-40

#now loop through users

for i in `ls /Users`

do

if [[ $i == $current_user ]]

then jamf policy -trigger MyPolicy

else echo "not in /Users"

fi

exit done

This was written very quick and you may want to write it a better way. That is where I would start though.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

dustydorey · ‎05-07-2009

What exactly are you trying to run?

Would it work to run the policy on the login trigger and specify once
per user for each machine in the scope?

That way it would run when the login trigger was hit for each user on
the machine.

Just a though, not sure exactly what your end goal is though so it may
not be of any help.

-Dusty-

Dustin Dorey

Technology Support Cluster Specialist

Independant School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

dhowell · ‎05-07-2009

I found this one to work the best for me

username=/usr/bin/w | grep console | awk '{print $1}'

than using variable like this /Users/$username/

D. Trey Howell
trey.howell at austinisd.org
Desktop Engineering

Bukira · ‎05-07-2009

Hi chaps

Sorry if this doesn't sound right but this us what I do, if have a policy that runs at night time only every 30mins which shutsdown a mac if no one is logged in

For me it was simple, when a user logs in a login hook touchs
/Library/Login/loggedinuser. Then when they logout it removed the file

My policy then checks if that file exists , if so is exits, if not it shutsdown.

To me that seemed the simplist, as I can reuse that log file for abu script, much easier that checking directories and users folders

Criss

jarednichols · ‎05-08-2009

Perhaps this would be better in this case?

## Set a variable that takes the output of the current console owner and cut the result down
user=ls -l /dev/console | cut -d " " -f 4

I haven't tried it, but I would think that if nobody's logged in, /dev/console will be owned by either nobody or root.

j

Permalink · ‎05-08-2009

Thanks all for the suggestions everyone.

Much appreciated! I should be good to go.

Jamf Nation Community

Grep(?) or other method for a logged on user.