run script as logged in user, not as root

Get the owner of /dev/console and sudo -U of that user.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

Not sure what exactly you're trying to accomplish, but

`who | grep "console" | cut -d" " -f1`

Will get you the shortname of the currently logged in user.

Bob

I want to launch a widget as the current logged in user

Nick Caro Senior Desktop Support Administrator

If you are running it as a log in policy I believe $3 will return the
current user. If you are using the built in apple tools from the login
window to run a script at log in, $1 will return the current user. If
you are deploying something as a user agent in ~/Library/LaunchAgents
$USER will return the currently logged in user. If you are triggering a
policy via self service in a user session detecting ownership of
/dev/console will give you the current user.

You may want to make this a user agent then, or look at sudo -u
$currentuser open -a /path/to/widget where $currentuser would be a
command to grab the currently logged in user.

Alternatively you can package up all widgets and put them in
/Library/Widgets and any user can launch them from the dashboard.

Thank you!

Nick Caro Senior Desktop Support Administrator

Depending on what you're trying to achieve you could run a launch agent, that calls a script.

I've an AppleScript app that mounts drives & printers depending on ad group membership. This app is launched from a launchagent @ login.

Regards,

Ben.

On 6/2/11 10:14 AM, "Nick Caro" <Nick.Caro at rga.com> wrote: Having a black out and can't locate the info on thisŠ I know its been a topic on here, so hopefully someone can snap me back to life. The goal is to send a script or simple command to be executed as the currently logged in user ­not as root. Anyone have the answer handy?

A launchd item placed in /Library/LaunchAgents will execute commands under
the current user. You can use it to call a more complex script that you've
stored somewhere.

Lingon is great for creating launchd items effortlessly.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

I just want to say thanks for the information. I know there are several ways to get the user variable, but the one I used was /usr/bin/logname
I found that in one of the threads on this subject. Im posting my script below in case someone finds it helpful. I used this script to make a self service item to launch a script that pulls kerberos name/password to mount a drive.

#!/bin/bash

### Variables
user=/usr/bin/logname

### comment out to see values in Terminal
##echo "${user}"

### Functions

su ${user} /Library/Scripts/mount_at_login.sh

This is what I user for things like resetting Photoshop , Font Explorer to backing up Firefox bookmarks etc in Self Service

consoleuser=ls -l /dev/console | cut -d " " -f4

su - "${consoleuser}" -c 'command to run'

'/usr/bin/logname' sounds good, but it doesn't work when done through Casper Remote, and possibly some other methods, such as non Self Service policies. I just tried it quickly through Casper Remote and I got our Casper Suite service account returned as the result in every single case. I'd be careful where you use that.

Mine works 100%

Maybe not the best, but it's short and it works.

#!/bin/bash
#variable for storing the current users name
currentuser=`stat -f "%Su" /dev/console`

#substituting as user stored in variable to modify plist
su "$currentuser" -c "<command to run>"

Hi Tim,

Just a note to say I tried what you mentioned @ 7/18/12 at 1:00 PM & it's worked for me too!

sweet :)

Hey all,

Is there a way to run an entire script as the logged in user, as opposed to a command?

I'm trying to run the script as a Policy; Once per Day frequency, Re-occuring Check-In trigger. But it errors cause I guess the policy is running the script as Root so it fails like it should. Even from Remote it errors correctly.

If I call the policy from the client machine using a custom trigger within Terminal, it executes correctly.

The script lives in the JSS and not on the client machine. I know I can put the script locally and let it run with launchd but we are trying to use the JSS with its log reporting to find out if any failed, completed, etc..

#!/bin/bash

#Define variables
consoleUser=`ls -l /dev/console | cut -d " " -f4`
SOURCE_Folder=/Users/$consoleUser
localMOUNT=/Users/Shared/homeBakSource
userShortNames=(`ls -1 /Users`)
theFileServer=//my.server.company.com/Home%20Folders

#############################################################
################# Primary Sanity Checks #####################
#############################################################

### Check to see if a user is logged in.
### define an array of all items listed in the /Users folder
# for each user in the array
for user in ${userShortNames[@]}
    do
    if [ ! -z `/usr/bin/dscl . -list /users | grep $user` ];    then
        if [ “$consoleUser” == “$user” ];   then
            echo "We got a logged in user!! Let's continue."
        else
            echo "No one logged in. Aborting!"
            exit
        fi  
    fi
    done

### Check to see if the CLT are installed, if not exit.
if [ ! -d /Library/Developer/CommandLineTools ];    then
    echo "No Command Line Tools. Need to install. Aborting"
    exit
fi

### Check to see if rsync is installed where it should be
### We use the compiled version of rsync version 3.10 and
### not the Apple default which is 2.6.9 which is no longer
### supported.
if [ ! -f /usr/local/bin/rsync ];       then
    echo "The correct verison of rsync in not installed. Aborting!"
    exit
fi

### Check to see if the source folder exists. It should but it's wise to make
### a sanity check regardless.
if [ ! -d $SOURCE_Folder ];     then
    echo "Source home folder not available. Aborting"
    exit
fi

### Check to see if the folder for the mount point exists, if not lets make it.
if [ ! -d $localMOUNT ];    then
    mkdir $localMOUNT
fi

#############################################################
################ /Primary Sanity Checks #####################
#############################################################

#############################################################
############### Secondary Sanity Checks #####################
#############################################################

### We need a sanity check to make sure the mount point is available
if [ ! -d $localMOUNT ];    then
    echo "Could not find local mount point. Aborting."
    exit
else
### Let's mount the destination
mount -t smbfs $theFileServer/$consoleUser $localMOUNT
fi

#############################################################
############## /Secondary Sanity Checks #####################
#############################################################


### Execute the sync
/usr/local/bin/rsync -aNHxv --progress --delete $SOURCE_Folder $localMOUNT

sleep 2

umount $localMOUNT
rm -Rf $localMOUNT

@pvader same here , jamf ever answer your needs from 2014? if not what tool you using?

Hi.. I am no longer working in IT.. sorry, can't help you!
xoxoxo

@kahuna

take a look at outset. it's what most are using

Good thread - I needed something similar and thanks to tips here ended up using something like this in a script called by users as a Self Service item:

sudo -u $3 -i /path/to/binary --parameter $3 --destination /Users/$3/Desktop/$3 --verbose

@Sterritt : you're my hero. Thank you.