Login Policy Running as root user

murraybridgehs
New Contributor

I am trying to configure a login policy to modify the side bar (using mysides & sfltool), however whenever the policy runs it is running as the root user.

Does anyone have a working login policy that runs as the user logging in?

4 REPLIES 4

ebalen
New Contributor

Is your policy running a script? Jamf always runs scripts as the root user. You can create a variable to get the currently logged in user. I use:

currentuser=`stat -f "%Su" /dev/console`

There are a bunch of other posts about this same topic, so you may be able to find some useful or more applicable information in them.

murraybridgehs
New Contributor

Yes it is running a script.
$3 variable returns the correct user that is logging in.
What would be the best way to prefix lines in my script to be running as that user?
For example: /usr/local/bin/mysides remove iCloud x-apple-finder:icloud

WilsonFredonia
New Contributor III

https://www.jamf.com/jamf-nation/discussions/17204/com-apple-sidebarlists-in-el-capitan

I used the script from that thread with great luck. The user accounts are in a lab setting and wiping after each use so this gave a great way to keep a consistent side bar.

apizz
Valued Contributor

@murraybridgehs We use a tool called outset to run a number of scripts the first time a user logs in to a machine to get their sidebar, dock items, desktop background, etc. set to our desired defaults.

I know in our experience we've had some issues with policies not consistently being triggered at login.

With outset you take the JSS out of the equation and also ensure that the script(s) you want to run only happen once. I know you can set JSS policies to run "Once per computer", but then you have to manually flush the logs for those policies if you want to have them run again.