Skip to main content
Question

Help with a script - root directory being written at /Users


Forum|alt.badge.img+12

Can anyone let me know what I'm doing wrong with the script below? We use it to allow trusted site access for Chrome. The main problem is that if a user isn't logged in at the time the policy runs, instead of the policy failing it creates a root directory inside of /Users. Specifically, it writes the Chrome plist at /Users/root/Library/Preferences/com.google.Chrome.plist. What can we do to prevent that?

#!/bin/bash

## Variables
AuthServers=https://autologon.microsoftazuread-sso.com,https://aadg.windows.net.nsatc.net,*.testenvironment.com
currentUser=`stat -f "%Su" /dev/console`

## Modify Chrome settings 
## We can write the prefs regardless of whether or not Chrome is open
defaults write /Users/"$currentUser"/Library/Preferences/com.google.Chrome AuthServerWhitelist "$AuthServers"
chown "$currentUser" /Users/"$currentUser"/Library/Preferences/com.google.Chrome.plist
echo "Chrome preferences written to /Users/$currentUser/Library/Preferences/com.google.Chrome"
echo "AuthServers set to:"
defaults read /Users/"$currentUser"/Library/Preferences/com.google.Chrome AuthServerWhitelist
ls -l ~/Library/Preferences/com.google.Chrome.plist
exit 0

3 replies

Forum|alt.badge.img+17
  • Contributor
  • 881 replies
  • November 13, 2017

You need to include code to catch nulls and other possible problems. I'd simply make sure that the /Users/"$currentUser"/ directory exists before proceeding with the changes.

Try something like:

if [ ! -d "/Users/$currentUser" ]; then
     exit 0
fi

Forum|alt.badge.img+3
  • New Contributor
  • 5 replies
  • November 13, 2017

You could add a check for root:

currentUser=stat -f "%Su" /dev/console

if [ "$currentUser" = "root" ];then echo "Not for root user" exit 0
fi

I've also had some issues with calling console directly so I often find the console user using:

currentUser=$(/usr/bin/who | awk '/console/ { print $1 }')


Forum|alt.badge.img+16
  • Valued Contributor
  • 277 replies
  • November 13, 2017

You can also use a configuration profile for Chrome, if that is an option in your environment.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings