Jamf Nation Community

murraybridgehs · ‎04-11-2017

I am trying to configure a login policy to modify the side bar (using mysides & sfltool), however whenever the policy runs it is running as the root user.

Does anyone have a working login policy that runs as the user logging in?

ebalen · ‎04-11-2017

Is your policy running a script? Jamf always runs scripts as the root user. You can create a variable to get the currently logged in user. I use:

currentuser=`stat -f "%Su" /dev/console`

There are a bunch of other posts about this same topic, so you may be able to find some useful or more applicable information in them.

murraybridgehs · ‎04-11-2017

Yes it is running a script.
$3 variable returns the correct user that is logging in.
What would be the best way to prefix lines in my script to be running as that user?
For example: /usr/local/bin/mysides remove iCloud x-apple-finder:icloud

WilsonFredonia · ‎04-12-2017

https://www.jamf.com/jamf-nation/discussions/17204/com-apple-sidebarlists-in-el-capitan

I used the script from that thread with great luck. The user accounts are in a lab setting and wiping after each use so this gave a great way to keep a consistent side bar.

apizz · ‎04-12-2017

@murraybridgehs We use a tool called outset to run a number of scripts the first time a user logs in to a machine to get their sidebar, dock items, desktop background, etc. set to our desired defaults.

I know in our experience we've had some issues with policies not consistently being triggered at login.

With outset you take the JSS out of the equation and also ensure that the script(s) you want to run only happen once. I know you can set JSS policies to run "Once per computer", but then you have to manually flush the logs for those policies if you want to have them run again.

Jamf Nation Community

Login Policy Running as root user