Jamf Nation Community

macmanmk · ‎11-13-2017

Can anyone let me know what I'm doing wrong with the script below? We use it to allow trusted site access for Chrome. The main problem is that if a user isn't logged in at the time the policy runs, instead of the policy failing it creates a root directory inside of /Users. Specifically, it writes the Chrome plist at /Users/root/Library/Preferences/com.google.Chrome.plist. What can we do to prevent that?

#!/bin/bash

## Variables
AuthServers=https://autologon.microsoftazuread-sso.com,https://aadg.windows.net.nsatc.net,*.testenvironment.com
currentUser=`stat -f "%Su" /dev/console`

## Modify Chrome settings 
## We can write the prefs regardless of whether or not Chrome is open
defaults write /Users/"$currentUser"/Library/Preferences/com.google.Chrome AuthServerWhitelist "$AuthServers"
chown "$currentUser" /Users/"$currentUser"/Library/Preferences/com.google.Chrome.plist
echo "Chrome preferences written to /Users/$currentUser/Library/Preferences/com.google.Chrome"
echo "AuthServers set to:"
defaults read /Users/"$currentUser"/Library/Preferences/com.google.Chrome AuthServerWhitelist
ls -l ~/Library/Preferences/com.google.Chrome.plist
exit 0

alexjdale · ‎11-13-2017

You need to include code to catch nulls and other possible problems. I'd simply make sure that the /Users/"$currentUser"/ directory exists before proceeding with the changes.

Try something like:

if [ ! -d "/Users/$currentUser" ]; then
     exit 0
fi

ccm · ‎11-13-2017

You could add a check for root:

currentUser=stat -f "%Su" /dev/console

if [ "$currentUser" = "root" ];then echo "Not for root user" exit 0
fi

I've also had some issues with calling console directly so I often find the console user using:

currentUser=$(/usr/bin/who | awk '/console/ { print $1 }')

bvrooman · ‎11-13-2017

You can also use a configuration profile for Chrome, if that is an option in your environment.

Jamf Nation Community

Help with a script - root directory being written at /Users