Jamf Nation Community

techfan42 · ‎07-20-2023

I have a script I am using for creating website shortcuts on the desktop. My manager doesn't like that they all end in .webloc and asked if I can hide the extension, which can be done in the Finder. The only way I found to do this is using AppleScript command set extension hidden. I have no problem running the following script as myself (removing the sudo -u $logged_in_user). It creates the shortcut and hides the webloc extension. But no matter what I cannot figure out how to get this to work when running the script as root. Since the script will run from JAMF it will always run as root. Any help with this would be appreciated.

#!/bin/zsh

logged_in_user=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ {print $3}')

webloc_filename="Apple"
webloc_address="https://www.apple.com/"

shortcutPath="/Users/${logged_in_user}/Desktop/${webloc_filename}.webloc"

webloc_data='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>URL</key>
    <string>'$webloc_address'</string>
</dict>
</plist>'

cat << EOWEBLOC > "${shortcutPath}"
    $webloc_data
EOWEBLOC

sudo -u $logged_in_user osascript - "$shortcutPath" << 'EOF'
on run argv
    tell application "Finder" to set extension hidden of (POSIX file (item 1 of argv) as alias) to true
end run
EOF

techfan42 · ‎07-20-2023

Right after I posted this I figured out what I was doing wrong. The file was owned by root so my user account couldn't change it. A quick permissions change and everything worked.

View solution in original post

techfan42 · ‎07-20-2023

Right after I posted this I figured out what I was doing wrong. The file was owned by root so my user account couldn't change it. A quick permissions change and everything worked.

greygoose · ‎07-24-2023

Hey techfan42, can you advise exactly how you changed permissions here?

techfan42 · ‎07-25-2023

I just changed the owner right before I called the osascript.

chown $logged_in_user $shortcutPath

greygoose · ‎07-25-2023

thanks techfan42 - just to confirm here:

I would add

chown $logged_in_user $shortcutPath

to the Files and Processes payload in a policy and set the script to run after

techfan42 · ‎07-25-2023

Sorry, no. In the script above I added it after the end of the EOWEBLOC block and before the osascript command.

#!/bin/zsh

logged_in_user=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ {print $3}')

webloc_filename="Apple"
webloc_address="https://www.apple.com/"

shortcutPath="/Users/${logged_in_user}/Desktop/${webloc_filename}.webloc"

webloc_data='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>URL</key>
    <string>'$webloc_address'</string>
</dict>
</plist>'

cat << EOWEBLOC > "${shortcutPath}"
    $webloc_data
EOWEBLOC

chown $logged_in_user $shortcutPath

sudo -u $logged_in_user osascript - "$shortcutPath" << 'EOF'
on run argv
    tell application "Finder" to set extension hidden of (POSIX file (item 1 of argv) as alias) to true
end run
EOF

greygoose · ‎07-25-2023

Thanks for that - I'll give it a go

not to push the boat out too far here but the final step would be to use a custom icon for the shortcut - any ideas?

techfan42 · ‎07-25-2023

I am actually doing that myself, I just didn't include that part as it didn't have a bearing on my initial issue. I am using a script called fileicon, https://github.com/mklement0/fileicon. I would share with you my entire script but it involves a custom installer for fileicon and for the icons themselves which I used packages to package up, http://s.sudre.free.fr/Software/Packages/about.html.

greygoose · ‎07-25-2023

thanks again for the info - I'll look into fileicon

Jamf Nation Community

osascript not working