Policy to run Script

Not applicable

I have created a Policy that will install a piece of Software and run a
Script to configure the plist file to include the current logged in user's
short name.

#!/bin/sh

# Set variable
user=$(id -un)

# Set Permissions on Tempora folder
chmod -R 777 "/Library/Application Support/Tempora"

# Run command
/usr/libexec/PlistBuddy -c "Set :NetLogin $user" "/Library/Application Support/Tempora/webservice.plist"

exit 0

Because Casper runs everything as root the script sets the NetLogin to
root.

Does anyone have a better solution?

Cheers

Joe

60 Kingly Street, London, W1B 5DS
helpdesk at bbh.co.uk
+44 207 453 4983

www.bartleboglehegarty.com

This transmission is from BBH Partners LLP, it is confidential and intended
solely for the person or organisation to whom it is addressed. This
transmission may contain confidential information within its content or any
attachment. You should not copy, use or distribute in any way any of the
information contained within this transmission other than in accordance
with the prior written permission of an authorised BBH representative.

Partnership Information:
Registered name: BBH Partners LLP
Registered office: 60 Kingly Street London W1B 5DS
Place of registration: England and Wales
Registered number: OC355051

Although all messages/file attachments passing through this gateway are
scanned for viruses we cannot guarantee that any file is 100% virus-free.

12 REPLIES 12

jarednichols
Honored Contributor

Sudo on behalf of the user.

sudo -u $user <command>

We use this all the time to do things on the user's behalf (e.g. affect something in the user's home folder).

j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

tlarkin
Honored Contributor

Joe,

There are several ways of doing this. Let me just list them off for you

1) Use a launch agent instead of a script, have Casper fill existing users to copy out your launch agent. All launch agents live in ~/Library/LaunchAgents and run as current user. You can have your launch agent run the commands within the plist itself, or have it call a script.

2) Use known methods to detect who is currently logged in and apply that to your script. My personal favorite is detecting who owns /dev/console

CurrentUser=$(ls -l /dev/console | awk '{ print $3 }')

3) Capture the plist in question in Composer, have it fill existing user and fill user template, that way every user gets it and any new users will pull it from the template.

-Tom


Not applicable

I did this but it still came back as root

#!/bin/sh

# Set variable
user=$(id -un)

# Set Permissions on Tempora folder
chmod -R 777 "/Library/Application Support/Tempora"

# Run command
sudo -u $user /usr/libexec/PlistBuddy -c "Set :NetLogin $user" "/Library/Application Support/Tempora/webservice.plist"

exit 0

Was the command wrong?

Thanks for your help with this.


jarednichols
Honored Contributor

Let's back up one second… So you're just trying to specify the user in the plist file? Not set something on behalf of the user?

Not applicable

If you run the script as root, the 'id' command runs as root, and reports that it is running as root. You need to find out the real user name instead, and act on it. Also, you should not be setting permissions to 777 unless you're absolutely sure you want all users that have any access (that includes any Guest account(s)) to be able to write anything to there. And even if that is the case, you should not set permissions to 777 recursively; instead use chmod -R a+w (again, only if you're really sure).

What are you really trying to do here?

jarednichols
Honored Contributor

Ah ok. Yeah change your method for finding the user. I use a method
similar to Tom's where you find out who owns /dev/console. That works
without fail.

j

Not applicable

Yes that's correct, just specify the user

Cheers

Joe


tlarkin
Honored Contributor

Another idea would be to use MCX and another idea would be to script it
for all local users. However, Casper already has built in functionality
for that, so no need to reinvent the wheel unless you need something
very specific.

sean
Valued Contributor

Me too, but rather than piping you can just call the correct value directly

stat -f%Su /dev/console

and then as Jared said, sudo -u as this user.

Sean


Not applicable

It all depends on exactly what you're trying to do. I suspect you want to do this for all local users; there's a better way to do that, if that's the case. If you only want it for specific users, you're better off specifying it in the policy that runs the script. Unless you only want to do it for the currently logged-in user, in which case you'll need to find out who that is (though if you use a login policy, that's given to you for free).

On Feb 28, 2011, at 11:34 AM, Thomas Larkin wrote:

Another idea would be to use MCX and another idea would be to script it for all local users. However, Casper already has built in functionality for that, so no need to reinvent the wheel unless you need something very specific.

tlarkin
Honored Contributor

Also, really if you run a log in policy as Casper that runs a script,
Casper always returns $3 as the current user. So really in all honesty,
if Casper is running this script as a login hook, then all you need to
do is put $3 in the script as long as Casper is running it

http://jamfsoftware.com/kb/article.php?id=040
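
Added example, not part of the original thread and not Casper's own code: a root-run policy script that combines the two suggestions above (the `$3` login-policy parameter and the owner of /dev/console), refuses to write root or a system account into NetLogin, and gives write access on the one file to that user instead of `chmod -R 777`. The function names are hypothetical, and it assumes only the logged-in user needs to write the plist.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes $3 is the user name Casper
# passes to a login policy script; function names are hypothetical.
PLIST="/Library/Application Support/Tempora/webservice.plist"

# Accept only a plausible non-root short name, so nothing unexpected is
# spliced into the PlistBuddy command string.
valid_user() {
    case "$1" in
        ""|root|_*) return 1 ;;        # empty, root, system accounts
        *[!A-Za-z0-9._-]*) return 1 ;; # spaces, quotes, other odd characters
    esac
    return 0
}

# Prefer the policy-supplied name, fall back to the owner of /dev/console.
# Args: $1 = name from the policy ($3), $2 = owner of /dev/console.
pick_user() {
    for candidate in "$1" "$2"; do
        if valid_user "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

main() {
    console_owner=$(stat -f%Su /dev/console)
    user=$(pick_user "$3" "$console_owner") || {
        echo "No console user found; leaving $PLIST unchanged" >&2
        return 1
    }
    /usr/libexec/PlistBuddy -c "Set :NetLogin $user" "$PLIST"
    # Assumption: only this user needs to write the file, so hand over that
    # one file rather than making the whole folder world-writable.
    chown "$user" "$PLIST"
    chmod 644 "$PLIST"
}

# Policy scripts run as root on macOS; do nothing anywhere else.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    main "$@"
fi
```
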

Not applicable

This worked

user=$(ls -l /dev/console | awk '{ print $3 }')

although now the LaunchAgent does not automatically run when installed at
Login with the policy but if I install using the pkg I made with Composer
it does??
