Posted on 09-17-2013 01:33 PM
I'm using this script to auto set search domains at login. It works great but the user has to enter their password twice. Is there any way to bypass?
Thanks!
#!/bin/sh
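# Space-separated list of search domains
SearchDomains=""
# Set DNS search domains on each network service
# ($SearchDomains is left unquoted so each domain is passed as its own argument)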
/usr/sbin/networksetup -setsearchdomains "Wi-Fi" $SearchDomains
/usr/sbin/networksetup -setsearchdomains "Thunderbolt Ethernet" $SearchDomains
/usr/sbin/networksetup -setsearchdomains "Thunderbolt Ethernet 2" $SearchDomains
/usr/sbin/networksetup -setsearchdomains "Ethernet" $SearchDomains
/usr/sbin/networksetup -setsearchdomains "USB Ethernet" $SearchDomains
# Remove setup LaunchDaemon item
srm /Library/LaunchDaemons/com.company.networksetup.plist
# Make script self-destruct
srm "$0"
Posted on 09-17-2013 01:35 PM
This is the script I'm using to call the searchdomains.
I do not have the power of Casper yet, but hopefully will very soon. So I'm just manually uploading these files at the moment.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.company.networksetup</string>
<key>ProgramArguments</key>
<array>
<string>/var/network_setup.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Posted on 09-18-2013 05:20 AM
Is it a LaunchAgent or a LaunchDaemon?
If it's a LaunchAgent, it runs the called script as the user. Seeing as how you need sudo rights with networksetup to set anything, that's why they're prompted. If you do it as a LaunchDaemon, it'll run as root.
With Casper, set a policy to run at login and fire off the script (removing the self destruct bit first) as the Casper admin user will by default run the script with sudo rights and there will be no prompt for auth.
EDIT: I'm not properly caffeinated and just re-read your post. It's a LaunchDaemon. Let me bang this around my skull.
EDIT 2: What are the permissions and ownership on the items involved? (script and LD)
Posted on 09-18-2013 07:36 AM
Hey Jared,
It looks like the permissions are set as follows:
network_setup.sh --rwxr-xr-x@ root wheel
com.company.networksetup.plist --rwxr-xr-x@ root staff
I've got it currently installed as a user LaunchAgent.
Should I try making it a LaunchDaemon?
Thanks for the help,
Posted on 09-18-2013 07:46 AM
From your script it looked like you were srm'ing a LaunchDaemon, so I think Jared (and I as well) assumed you set this up as a LaunchDaemon. But you're saying it's located in /Library/LaunchAgents? If so, then that's the issue, just as Jared mentioned. A LaunchDaemon will run as root and not prompt for admin credentials.
The only issue you may run into is, LDs will run even when no one is logged in and you mentioned wanting to make this run at login. Truthfully though I don't see why it would require that since you're setting search domains. Not really something that is user specific. Try it as a LaunchDaemon and if it works out, then that's the answer.
Posted on 09-18-2013 07:48 AM
And the permissions of the plist file in LaunchAgents or LaunchDaemons have to be root:wheel 644 or more restrictive. If write or execute is on for group or other, it will never execute. rw-r--r--
Posted on 09-18-2013 07:56 AM
Thanks for the help guys! Does it matter the permissions on the .sh script? I changed those to root:wheel 644 as well.
I'm not sure what I could be doing wrong at this point. Nothing appears to be happening once I moved it to Daemons.
I also checked launchctl load and it says the .plist is already loaded.
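The ownership and mode requirements discussed in the replies above, as an added example that is not part of any post in this thread. The plist rule is the one stated in the thread (root:wheel, 644 or more restrictive); the script rule (owner-executable, no group or other write) and all function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Usage (paths as posted in the thread):
#   sh check_ld.sh /Library/LaunchDaemons/com.company.networksetup.plist /var/network_setup.sh

# First 10 characters of `ls -ld`, e.g. "-rw-r--r--" (drops a trailing "@").
mode_of() { ls -ld "$1" | cut -c1-10; }

# Plist: 644 or more restrictive, as stated in the thread.
plist_mode_ok() {
  case "$(mode_of "$1")" in
    -[r-][w-]-[r-]--[r-]--) return 0 ;;
    *) return 1 ;;
  esac
}

# Script: owner-executable, because launchd executes it directly from
# ProgramArguments. No group/other write is this example's assumption
# for a file that runs as root.
script_mode_ok() {
  case "$(mode_of "$1")" in
    -??x?-??-?) return 0 ;;
    *) return 1 ;;
  esac
}

# Numeric owner:group must be 0:0, which is root:wheel on macOS.
owned_by_root_wheel() {
  [ "$(ls -ldn "$1" | awk '{print $3 ":" $4}')" = "0:0" ]
}

# Prints one line per finding; returns non-zero if anything is wrong.
audit() {
  rc=0
  for f in "$1" "$2"; do
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    owned_by_root_wheel "$f" || { echo "not root:wheel: $f"; rc=1; }
  done
  plist_mode_ok "$1" || { echo "plist mode $(mode_of "$1"), want -rw-r--r-- or stricter"; rc=1; }
  script_mode_ok "$2" || { echo "script mode $(mode_of "$2"), want -rwxr-xr-x or stricter"; rc=1; }
  return $rc
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

A script set to 644 fails the second check: without an execute bit it cannot be launched directly from ProgramArguments, even as root.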
Posted on 07-27-2022 10:57 PM
Hello! I have been searching and trying scripts to call the admin user / profile but it doesn't seem to be working on my end. Do you have any particular script for that? To call or know the admin logins? I have also tried through Jamf advanced computer search and smart groups but did not see any.