run script as logged in user, not as root


Having a black out and can't locate the info on this… I know it's been a topic on here, so hopefully someone can snap me back to life.
The goal is to send a script or simple command to be executed as the currently logged in user –not as root.

Anyone have the answer handy?

Nick Caro Senior Desktop Support Administrator

Phone +1 212-839-1587 Fax 212-946-4010 nick.caro at rga.com

R/GA 350 West 39th Street New York, NY 10018
www.rga.com www.twitter.com/rga www.facebook.com/rga

The Agency for the Digital Age™

21 replies

  • Valued Contributor
  • 1892 replies
  • June 2, 2011

Get the owner of /dev/console and sudo -U of that user.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436


  • 0 replies
  • June 2, 2011

Not sure what exactly you're trying to accomplish, but

`who | grep "console" | cut -d" " -f1`

Will get you the shortname of the currently logged in user.

Bob


  • 0 replies
  • June 2, 2011

I want to launch a widget as the current logged in user

Nick Caro Senior Desktop Support Administrator


  • Honored Contributor
  • 2721 replies
  • June 2, 2011

If you are running it as a log in policy I believe $3 will return the
current user. If you are using the built in apple tools from the login
window to run a script at log in, $1 will return the current user. If
you are deploying something as a user agent in ~/Library/LaunchAgents
$USER will return the currently logged in user. If you are triggering a
policy via self service in a user session detecting ownership of
/dev/console will give you the current user.


  • Honored Contributor
  • 2721 replies
  • June 2, 2011

You may want to make this a user agent then, or look at sudo -u
$currentuser open -a /path/to/widget where $currentuser would be a
command to grab the currently logged in user.

Alternatively you can package up all widgets and put them in
/Library/Widgets and any user can launch them from the dashboard.


  • 0 replies
  • June 2, 2011

Thank you!

Nick Caro Senior Desktop Support Administrator


bentoms
  • Legendary Contributor
  • 4331 replies
  • June 2, 2011

Depending on what you're trying to achieve you could run a launch agent, that calls a script.

I've an AppleScript app that mounts drives & printers depending on ad group membership. This app is launched from a launchagent @ login.

Regards,

Ben.


talkingmoose
  • Community Manager
  • 1900 replies
  • June 2, 2011

On 6/2/11 10:14 AM, "Nick Caro" <Nick.Caro at rga.com> wrote:

> Having a black out and can't locate the info on this… I know it's been a topic on here, so hopefully someone can snap me back to life.
> The goal is to send a script or simple command to be executed as the currently logged in user –not as root.
>
> Anyone have the answer handy?

A launchd item placed in /Library/LaunchAgents will execute commands under
the current user. You can use it to call a more complex script that you've
stored somewhere.

Lingon is great for creating launchd items effortlessly.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492


  • New Contributor
  • 6 replies
  • July 18, 2012

I just want to say thanks for the information. I know there are several ways to get the user variable, but the one I used was /usr/bin/logname.
I found that in one of the threads on this subject. I'm posting my script below in case someone finds it helpful. I used this script to make a Self Service item to launch a script that pulls Kerberos name/password to mount a drive.

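```bash
#!/bin/bash

### Variables
# Login name of the user who owns this session (command substitution restored)
user=$(/usr/bin/logname)

### Uncomment to see values in Terminal
##echo "${user}"

### Functions

# Run the mount script as that user instead of root
su "${user}" /Library/Scripts/mount_at_login.sh
```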


  • Honored Contributor
  • 970 replies
  • July 18, 2012

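This is what I use for things like resetting Photoshop, Font Explorer to backing up Firefox bookmarks etc. in Self Service

```bash
# Owner of /dev/console is the user logged in at the GUI
consoleuser=$(ls -l /dev/console | cut -d " " -f4)

# Run the command in that user's login environment
su - "${consoleuser}" -c 'command to run'
```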


mm2270
  • Legendary Contributor
  • 7880 replies
  • July 18, 2012

'/usr/bin/logname' sounds good, but it doesn't work when done through Casper Remote, and possibly some other methods, such as non Self Service policies. I just tried it quickly through Casper Remote and I got our Casper Suite service account returned as the result in every single case. I'd be careful where you use that.


  • Honored Contributor
  • 970 replies
  • July 18, 2012

Mine works 100%



Maybe not the best, but it's short and it works.

```bash
#!/bin/bash
#variable for storing the current users name
currentuser=`stat -f "%Su" /dev/console`

#substituting as user stored in variable to modify plist
su "$currentuser" -c "<command to run>"
```
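
The replies above all take the owner of /dev/console and hand a command to `su` or `sudo`. As an added example (not code from any poster in this thread), the sketch below does the same with two guards: it refuses to run when the console belongs to root or a system account, and it passes the command as separate arguments instead of a `su -c` string. The function names, the `RUNNER` override and the allowed-character set for short names are assumptions of this example.

```bash
#!/bin/bash
# Added example: resolve the console user, validate it, then drop from root.

# Owner of a device node. `ls -ld` piped to awk works with BSD and GNU ls
# and does not depend on column spacing the way `cut -d " " -f4` does.
console_owner() {
    ls -ld "${1:-/dev/console}" 2>/dev/null | awk '{print $3}'
}

# Accept only a plausible interactive account. At the login window the
# console belongs to root, so "root" means nobody is logged in.
valid_console_user() {
    case "$1" in
        ""|root|loginwindow|_*) return 1 ;;  # no session, or a system account
        *[!A-Za-z0-9._-]*)      return 1 ;;  # unexpected characters: refuse
    esac
    return 0
}

# Run a command as the console user. RUNNER (assumed name) lets the function
# be exercised without root by swapping sudo for a stand-in.
run_as_console_user() {
    _cu=$(console_owner)
    if ! valid_console_user "$_cu"; then
        echo "No usable console user (got '${_cu}'); not running: $*" >&2
        return 1   # non-zero so the management tool records a failure
    fi
    # Arguments stay separate argv entries; no shell re-parses them.
    ${RUNNER:-sudo} -u "$_cu" -- "$@"
}

# Usage from a root-run policy script (the script path is a placeholder):
# run_as_console_user /bin/bash /path/to/user_script.sh || exit 1
```

Returning non-zero when no user is logged in lets a policy log show the run as failed rather than silently executing as root.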

bentoms
  • Legendary Contributor
  • 4331 replies
  • April 12, 2013

Hi Tim,

Just a note to say I tried what you mentioned @ 7/18/12 at 1:00 PM & it's worked for me too!


  • Honored Contributor
  • 970 replies
  • April 12, 2013

sweet :)


  • Contributor
  • 118 replies
  • November 24, 2014

Hey all,

Is there a way to run an entire script as the logged in user, as opposed to a command?

I'm trying to run the script as a Policy; Once per Day frequency, Recurring Check-In trigger. But it errors 'cause I guess the policy is running the script as root so it fails like it should. Even from Remote it errors correctly.

If I call the policy from the client machine using a custom trigger within Terminal, it executes correctly.

The script lives in the JSS and not on the client machine. I know I can put the script locally and let it run with launchd but we are trying to use the JSS with its log reporting to find out if any failed, completed, etc..

```bash
#!/bin/bash

# Define variables
consoleUser=$(ls -l /dev/console | cut -d " " -f4)
SOURCE_Folder="/Users/$consoleUser"
localMOUNT=/Users/Shared/homeBakSource
userShortNames=($(ls -1 /Users))
theFileServer=//my.server.company.com/Home%20Folders

#############################################################
################# Primary Sanity Checks #####################
#############################################################

### Check to see if a user is logged in.
### userShortNames is an array of all items listed in the /Users folder.
### Look through the whole array before deciding, so one non-matching
### account does not abort the script.
loggedIn=false
for user in "${userShortNames[@]}"
    do
    if /usr/bin/dscl . -list /Users | grep -qx "$user";    then
        if [ "$consoleUser" == "$user" ];   then
            loggedIn=true
            break
        fi
    fi
    done

if [ "$loggedIn" == true ];    then
    echo "We got a logged in user!! Let's continue."
else
    echo "No one logged in. Aborting!"
    exit 1
fi

### Check to see if the CLT are installed, if not exit.
if [ ! -d /Library/Developer/CommandLineTools ];    then
    echo "No Command Line Tools. Need to install. Aborting"
    exit 1
fi

### Check to see if rsync is installed where it should be
### We use the compiled version of rsync version 3.10 and
### not the Apple default which is 2.6.9 which is no longer
### supported.
if [ ! -f /usr/local/bin/rsync ];       then
    echo "The correct version of rsync is not installed. Aborting!"
    exit 1
fi

### Check to see if the source folder exists. It should but it's wise to make
### a sanity check regardless.
if [ ! -d "$SOURCE_Folder" ];     then
    echo "Source home folder not available. Aborting"
    exit 1
fi

### Check to see if the folder for the mount point exists, if not let's make it.
if [ ! -d "$localMOUNT" ];    then
    mkdir "$localMOUNT"
fi

#############################################################
################ /Primary Sanity Checks #####################
#############################################################

#############################################################
############### Secondary Sanity Checks #####################
#############################################################

### We need a sanity check to make sure the mount point is available
if [ ! -d "$localMOUNT" ];    then
    echo "Could not find local mount point. Aborting."
    exit 1
else
    ### Let's mount the destination; stop if the mount fails so rsync
    ### never writes into the empty local folder.
    if ! mount -t smbfs "$theFileServer/$consoleUser" "$localMOUNT";    then
        echo "Could not mount the file server. Aborting."
        exit 1
    fi
fi

#############################################################
############## /Secondary Sanity Checks #####################
#############################################################


### Execute the sync
/usr/local/bin/rsync -aNHxv --progress --delete "$SOURCE_Folder" "$localMOUNT"

sleep 2

### Remove the mount point only after a successful unmount; otherwise
### rm -Rf would delete the contents of the still-mounted share.
umount "$localMOUNT" && rm -Rf "$localMOUNT"
```

  • New Contributor
  • 3 replies
  • January 11, 2019

@pvader same here, did Jamf ever answer your needs from 2014? If not, what tool are you using?


  • Contributor
  • 118 replies
  • January 12, 2019

Hi.. I am no longer working in IT.. sorry, can't help you!
xoxoxo


  • Honored Contributor
  • 550 replies
  • January 12, 2019

@kahuna

Take a look at outset. It's what most are using.


  • Valued Contributor
  • 230 replies
  • April 26, 2019

Good thread - I needed something similar and thanks to tips here ended up using something like this in a script called by users as a Self Service item:

```bash
# $3 is quoted so a user name is always passed as a single argument
sudo -u "$3" -i /path/to/binary --parameter "$3" --destination "/Users/$3/Desktop/$3" --verbose
```

bradtchapman
  • Valued Contributor
  • 588 replies
  • May 2, 2019

@Sterritt : you're my hero. Thank you.

