Posted on 06-02-2011 08:14 AM
Having a black out and can't locate the info on this… I know its been a topic on here, so hopefully someone can snap me back to life.
The goal is to send a script or simple command to be executed as the currently logged in user –not as root.
Anyone have the answer handy?
Nick Caro Senior Desktop Support Administrator
Phone +1 212-839-1587 Fax 212-946-4010 nick.caro at rga.com<mailto:nick.caro at rga.com>
R/GA 350 West 39th Street New York, NY 10018
www.rga.com<http://www.rga.com/> www.twitter.com/rga<http://www.twitter.com/rga> www.facebook.com/rga<http://www.facebook.com/rga>
The Agency for the Digital Age™
Posted on 06-02-2011 08:18 AM
Get the owner of /dev/console and sudo -U of that user.
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 06-02-2011 08:20 AM
Not sure what exactly you're trying to accomplish, but
`who | grep "console" | cut -d" " -f1`
Will get you the shortname of the currently logged in user.
Bob
Posted on 06-02-2011 08:22 AM
I want to launch a widget as the current logged in user
Nick Caro Senior Desktop Support Administrator
Posted on 06-02-2011 08:23 AM
If you are running it as a log in policy I believe $3 will return the
current user. If you are using the built in apple tools from the login
window to run a script at log in, $1 will return the current user. If
you are deploying something as a user agent in ~/Library/LaunchAgents
$USER will return the currently logged in user. If you are triggering a
policy via self service in a user session detecting ownership of
/dev/console will give you the current user.
Posted on 06-02-2011 08:26 AM
You may want to make this a user agent then, or look at sudo -u
$currentuser open -a /path/to/widget where $currentuser would be a
command to grab the currently logged in user.
Alternatively you can package up all widgets and put them in
/Library/Widgets and any user can launch them from the dashboard.
Posted on 06-02-2011 08:29 AM
Thank you!
Nick Caro Senior Desktop Support Administrator
Posted on 06-02-2011 08:31 AM
Depending on what you're trying to achieve you could run a launch agent, that calls a script.
I've an AppleScript app that mounts drives & printers depending on ad group membership. This app is launched from a launchagent @ login.
Regards,
Ben.
Posted on 06-02-2011 08:43 AM
On 6/2/11 10:14 AM, "Nick Caro" <Nick.Caro at rga.com> wrote: Having a black out and can't locate the info on thisŠ I know its been a topic on here, so hopefully someone can snap me back to life. The goal is to send a script or simple command to be executed as the currently logged in user not as root. Anyone have the answer handy?
A launchd item placed in /Library/LaunchAgents will execute commands under
the current user. You can use it to call a more complex script that you've
stored somewhere.
Lingon is great for creating launchd items effortlessly.
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
Posted on 07-18-2012 09:32 AM
I just want to say thanks for the information. I know there are several ways to get the user variable, but the one I used was /usr/bin/logname
I found that in one of the threads on this subject. Im posting my script below in case someone finds it helpful. I used this script to make a self service item to launch a script that pulls kerberos name/password to mount a drive.
#!/bin/bash
### Variables
user=/usr/bin/logname
### comment out to see values in Terminal
##echo "${user}"
### Functions
su ${user} /Library/Scripts/mount_at_login.sh
Posted on 07-18-2012 11:00 AM
This is what I user for things like resetting Photoshop , Font Explorer to backing up Firefox bookmarks etc in Self Service
consoleuser=ls -l /dev/console | cut -d " " -f4
su - "${consoleuser}" -c 'command to run'
Posted on 07-18-2012 11:01 AM
'/usr/bin/logname' sounds good, but it doesn't work when done through Casper Remote, and possibly some other methods, such as non Self Service policies. I just tried it quickly through Casper Remote and I got our Casper Suite service account returned as the result in every single case. I'd be careful where you use that.
Posted on 07-18-2012 11:53 AM
Mine works 100%
Posted on 10-09-2012 08:43 AM
Maybe not the best, but it's short and it works.
#!/bin/bash
#variable for storing the current users name
currentuser=`stat -f "%Su" /dev/console`
#substituting as user stored in variable to modify plist
su "$currentuser" -c "<command to run>"
Posted on 04-12-2013 04:02 AM
Hi Tim,
Just a note to say I tried what you mentioned @ 7/18/12 at 1:00 PM & it's worked for me too!
Posted on 04-12-2013 04:05 AM
sweet :)
Posted on 11-24-2014 07:59 AM
Hey all,
Is there a way to run an entire script as the logged in user, as opposed to a command?
I'm trying to run the script as a Policy; Once per Day frequency, Re-occuring Check-In trigger. But it errors cause I guess the policy is running the script as Root so it fails like it should. Even from Remote it errors correctly.
If I call the policy from the client machine using a custom trigger within Terminal, it executes correctly.
The script lives in the JSS and not on the client machine. I know I can put the script locally and let it run with launchd but we are trying to use the JSS with its log reporting to find out if any failed, completed, etc..
#!/bin/bash
#Define variables
consoleUser=`ls -l /dev/console | cut -d " " -f4`
SOURCE_Folder=/Users/$consoleUser
localMOUNT=/Users/Shared/homeBakSource
userShortNames=(`ls -1 /Users`)
theFileServer=//my.server.company.com/Home%20Folders
#############################################################
################# Primary Sanity Checks #####################
#############################################################
### Check to see if a user is logged in.
### define an array of all items listed in the /Users folder
# for each user in the array
for user in ${userShortNames[@]}
do
if [ ! -z `/usr/bin/dscl . -list /users | grep $user` ]; then
if [ “$consoleUser” == “$user” ]; then
echo "We got a logged in user!! Let's continue."
else
echo "No one logged in. Aborting!"
exit
fi
fi
done
### Check to see if the CLT are installed, if not exit.
if [ ! -d /Library/Developer/CommandLineTools ]; then
echo "No Command Line Tools. Need to install. Aborting"
exit
fi
### Check to see if rsync is installed where it should be
### We use the compiled version of rsync version 3.10 and
### not the Apple default which is 2.6.9 which is no longer
### supported.
if [ ! -f /usr/local/bin/rsync ]; then
echo "The correct verison of rsync in not installed. Aborting!"
exit
fi
### Check to see if the source folder exists. It should but it's wise to make
### a sanity check regardless.
if [ ! -d $SOURCE_Folder ]; then
echo "Source home folder not available. Aborting"
exit
fi
### Check to see if the folder for the mount point exists, if not lets make it.
if [ ! -d $localMOUNT ]; then
mkdir $localMOUNT
fi
#############################################################
################ /Primary Sanity Checks #####################
#############################################################
#############################################################
############### Secondary Sanity Checks #####################
#############################################################
### We need a sanity check to make sure the mount point is available
if [ ! -d $localMOUNT ]; then
echo "Could not find local mount point. Aborting."
exit
else
### Let's mount the destination
mount -t smbfs $theFileServer/$consoleUser $localMOUNT
fi
#############################################################
############## /Secondary Sanity Checks #####################
#############################################################
### Execute the sync
/usr/local/bin/rsync -aNHxv --progress --delete $SOURCE_Folder $localMOUNT
sleep 2
umount $localMOUNT
rm -Rf $localMOUNT
Posted on 01-11-2019 03:38 PM
@pvader same here , jamf ever answer your needs from 2014? if not what tool you using?
Posted on 01-11-2019 04:08 PM
Hi.. I am no longer working in IT.. sorry, can't help you!
xoxoxo
Posted on 01-12-2019 06:41 AM
Posted on 04-26-2019 11:19 AM
Good thread - I needed something similar and thanks to tips here ended up using something like this in a script called by users as a Self Service item:
sudo -u $3 -i /path/to/binary --parameter $3 --destination /Users/$3/Desktop/$3 --verbose
Posted on 05-02-2019 10:46 AM
@Sterritt : you're my hero. Thank you.