Login policy script and current user

AVmcclint
Honored Contributor

I'm stumped. I've got a very basic script that is designed to delete Google Chrome from /Applications and ~/Applications (if present). When I run this locally as sudo delete_chrome.sh it works just fine and it does exactly what it is supposed to do. It also works when run from a Policy in Self Service. When it is run via policy at login it only deletes /Applications/Google Chrome.app. It doesn't seem to touch the user's Applications in his home folder.

#!/bin/sh

#variable for storing the current users name
currentuser=`stat -f "%Su" /dev/console`


# delete /Applications/Google Chrome.app and ~/Applications/Google Chrome.app
rm -Rf "/Applications/Google Chrome.app/"

if [ -e "/Users/$currentuser/Applications/Google Chrome.app/" ]
then
        rm -Rf "/Users/$currentuser/Applications/Google Chrome.app/"

fi

The only thing that I can think of is that it doesn't recognize that the user is logged in yet. Could this be the cause? Is there a way to make it recognize who is logged in during the execution of login policies?

8 REPLIES

thoule
Valued Contributor II

Missing a 'fi' at the end of your script.

DBrowning
Valued Contributor II

@AVmcclint you can add in an echo "$currentuser" in the script and then look at the log in Policy logs to see what's returning. My guess is it might be returning loginWindow instead of the username you are expecting.

AVmcclint
Honored Contributor

@thoule oops. My copy/paste missed the last fi but it is there in the live script. I'll fix that in the post.

@ddcdennisb I'll try that to see what it reports.

Does anyone else have scripts that run at login and refer to the current user?

DBrowning
Valued Contributor II

I have a few. Some old scripts and new ones. I get current user either by:

un=`ls -l /dev/console | cut -d " " -f4`

or by

loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`

sean
Valued Contributor

Do you need to find the current logged in user? You appear to want to remove each existence of the app.

find /Users/*/Applications -maxdepth 1 -name "Google Chrome.app" -exec rm -R {} \;

or search the whole of Users

find /Users -name "Google Chrome.app" -exec rm -R {} \;

or you could use mdfind

mdfind -onlyin /Users kMDItemFSName="Google*Chrome.app"

If you really want to find user at login, there are so many threads already on here regarding this. If you use a login policy then $3 is the user logging in.

JAMF Script Parameters

You are almost certainly right that this is trying to run before the user logs in and at that point console belongs to root, so you will be trying to remove

/Users/root/Applications/Google Chrome.app/

Which probably doesn't exist.

davidacland
Honored Contributor II

The very simple way would be to use $3 instead of $currentuser. This will be fine if you're only running it at login.

AVmcclint
Honored Contributor

@ddcdennisb I inserted echo $currentuser into the script and it reported "root". I ended up changing the script to do

find /Users/*/Applications -maxdepth 1 -name "Google Chrome.app" -exec rm -R {} \;

instead and that seems to accomplish my goal.

AVmcclint
Honored Contributor

No wonder I've never had luck with $3. I had no idea it only applied during login. I've been tinkering with my scripts and I think I'm going to have to build every script I have in a way that includes elements of this so they can apply at login and in Self Service without having to write separate script files.

#!/bin/sh

# variable for storing the current user's name
currentuser=`stat -f "%Su" /dev/console`

# these are just to confirm what username is being registered at the time of execution.
# it helps me troubleshoot as well because I can see the output in the policy log.
echo "$currentuser"
echo "$3"

if [ "$currentuser" = "root" ]
then
        # console is still owned by root (login trigger), so use the $3 parameter
        rm -rf "/Users/$3/Library/blah/blah/blah"
        touch "/Users/$3/Library/blah/blah/blah"
        whatevercommandyouneedtorun "/Users/$3/path/within/home/folder/"

else
        # same commands as above but with the other variable
        rm -rf "/Users/$currentuser/Library/blah/blah/blah"
        touch "/Users/$currentuser/Library/blah/blah/blah"
        whatevercommandyouneedtorun "/Users/$currentuser/path/within/home/folder/"

fi

Here are results of running a policy in Self Service:

Running script test.sh...
Script exit code: 0
Script result: cmcintosh
cmcintosh

And results of running at login:

Running script test.sh...
Script exit code: 0
Script result: root
cmcintosh

The IF...THEN...ELSE of the script properly determined which set of commands needed to be run at that particular moment. I still need to keep an eye on the $3 component of this method because I've had many other occasions where $3 reported "root" at login. But so far this has better results in my testing than only using $3.
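
The thread's finding, that the console owner is root during a login trigger and that $3 can also report root, is a reason to validate whichever name is used before a root-run rm -rf builds a path from it. The following is an added example, not code from any poster in the thread; pick_user, remove_user_app and the users-root argument are assumed names, and the demo runs against a constructed temporary tree instead of /Users.

```shell
#!/bin/sh
# Added example, not code from the thread. pick_user, remove_user_app and
# the users-root argument are names assumed for this illustration.

# Print the first candidate that is a safe, non-system account name with a
# home directory under $1. Returns 1 when no candidate qualifies.
pick_user() {
    users_root=$1
    shift
    for candidate in "$@"; do
        case $candidate in
            '' | root | loginwindow | _*) continue ;;   # no real user yet
            .* | *[!A-Za-z0-9._-]*) continue ;;         # "..", "/", spaces
        esac
        if [ -d "$users_root/$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Delete <users_root>/<user>/Applications/<app>. Returns 2 without deleting
# when the Applications folder is a symlink, so the rm stays inside the home.
remove_user_app() {
    apps_dir="$1/$2/Applications"
    if [ -L "$apps_dir" ]; then
        return 2
    fi
    [ -d "$apps_dir/$3" ] || return 0       # nothing to remove
    rm -rf -- "$apps_dir/$3"
}

# Constructed tree standing in for /Users, so the demo is safe to run.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/jdoe/Applications/Google Chrome.app" "$demo_root/root"

# In a policy the candidates would be "$(stat -f %Su /dev/console)" and "$3".
# Login trigger: console owner is still root, so the second value is used.
if target=$(pick_user "$demo_root" root jdoe); then
    remove_user_app "$demo_root" "$target" "Google Chrome.app" &&
        echo "removed Chrome for $target"
else
    echo "no usable user name; nothing deleted" >&2
fi
rm -rf -- "$demo_root"
```

Because the same candidate list works for both triggers, one script can serve login and Self Service policies, and it exits without deleting anything when neither value names a real user.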