I'm experimenting with a login script (triggered by a LaunchAgent) that moves the logged in user's Desktop folder to a new location while symlinking another folder to the Desktop folder, effectively displaying another folder's contents on the actual Desktop. It's working perfectly on users that are sudoers, but fails if they are not, because of insufficient privileges.
Can I run the script when a non-sudoer logs in, but with higher (such as an arbitrary sudoer account or even root) privileges somehow? Has anyone attempted this?
I have done that by using a watch file and LaunchDaemon.
The LaunchAgent runs and when you want to rename the Desktop, you touch a file that is being watched by the LaunchDaemon.
You will need to save the location of the Users Desktop, and then read it in the Daemon script. The Agent runs as the User, the Daemon runs as root. I have used multiple of these in turn to set up Network home folders and to redirect their folders to the Network ones. Just need to pop in a wait command to halt the Agent script for long enough for the Daemon one to do its task.