run script as logged in user, not as root

Not applicable

Having a black out and can't locate the info on this… I know it's been a topic on here, so hopefully someone can snap me back to life.
The goal is to send a script or simple command to be executed as the currently logged in user – not as root.

Anyone have the answer handy?

Nick Caro Senior Desktop Support Administrator

Phone +1 212-839-1587 Fax 212-946-4010 nick.caro at rga.com

R/GA 350 West 39th Street New York, NY 10018
www.rga.com www.twitter.com/rga www.facebook.com/rga

The Agency for the Digital Age™

21 REPLIES

jarednichols
Honored Contributor

Get the owner of /dev/console and sudo -U of that user.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

Not applicable

Not sure what exactly you're trying to accomplish, but

`who | grep "console" | cut -d" " -f1`

Will get you the shortname of the currently logged in user.

Bob

Not applicable

I want to launch a widget as the current logged in user

Nick Caro Senior Desktop Support Administrator

tlarkin
Honored Contributor

If you are running it as a log in policy I believe $3 will return the
current user. If you are using the built in apple tools from the login
window to run a script at log in, $1 will return the current user. If
you are deploying something as a user agent in ~/Library/LaunchAgents
$USER will return the currently logged in user. If you are triggering a
policy via self service in a user session detecting ownership of
/dev/console will give you the current user.

tlarkin
Honored Contributor

You may want to make this a user agent then, or look at sudo -u
$currentuser open -a /path/to/widget where $currentuser would be a
command to grab the currently logged in user.

Alternatively you can package up all widgets and put them in
/Library/Widgets and any user can launch them from the dashboard.

Not applicable

Thank you!

Nick Caro Senior Desktop Support Administrator

bentoms
Honored Contributor III

Depending on what you're trying to achieve you could run a launch agent, that calls a script.

I've an AppleScript app that mounts drives & printers depending on ad group membership. This app is launched from a launchagent @ login.

Regards,

Ben.

talkingmoose
Honored Contributor II
On 6/2/11 10:14 AM, "Nick Caro" <Nick.Caro at rga.com> wrote: Having a black out and can't locate the info on this… I know its been a topic on here, so hopefully someone can snap me back to life. The goal is to send a script or simple command to be executed as the currently logged in user – not as root. Anyone have the answer handy?

A launchd item placed in /Library/LaunchAgents will execute commands under
the current user. You can use it to call a more complex script that you've
stored somewhere.

Lingon is great for creating launchd items effortlessly.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

youngmk
New Contributor

I just want to say thanks for the information. I know there are several ways to get the user variable, but the one I used was /usr/bin/logname
I found that in one of the threads on this subject. I'm posting my script below in case someone finds it helpful. I used this script to make a self service item to launch a script that pulls Kerberos name/password to mount a drive.

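```
#!/bin/bash

### Variables
# Run logname and store its output (the login name), not the path itself
user=$(/usr/bin/logname)

### comment out to see values in Terminal
##echo "${user}"

### Functions

# Quote the name so an empty or odd value cannot split into extra arguments
su "${user}" /Library/Scripts/mount_at_login.sh
```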

tkimpton
Valued Contributor II

This is what I use for things like resetting Photoshop, Font Explorer to backing up Firefox bookmarks etc in Self Service

```
# Owner of /dev/console is the user at the GUI console
consoleuser=$(ls -l /dev/console | cut -d " " -f4)

su - "${consoleuser}" -c 'command to run'
```

mm2270
Legendary Contributor II

'/usr/bin/logname' sounds good, but it doesn't work when done through Casper Remote, and possibly some other methods, such as non Self Service policies. I just tried it quickly through Casper Remote and I got our Casper Suite service account returned as the result in every single case. I'd be careful where you use that.

tkimpton
Valued Contributor II

Mine works 100%

jacob_salmela
Contributor II

Maybe not the best, but it's short and it works.

```
#!/bin/bash
#variable for storing the current users name
currentuser=`stat -f "%Su" /dev/console`

#substituting as user stored in variable to modify plist
su "$currentuser" -c "<command to run>"
```

bentoms
Honored Contributor III

Hi Tim,

Just a note to say I tried what you mentioned @ 7/18/12 at 1:00 PM & it's worked for me too!

tkimpton
Valued Contributor II

sweet :)

ToriAnneke
Contributor II

Hey all,

Is there a way to run an entire script as the logged in user, as opposed to a command?

I'm trying to run the script as a Policy; Once per Day frequency, Re-occurring Check-In trigger. But it errors cause I guess the policy is running the script as Root so it fails like it should. Even from Remote it errors correctly.

If I call the policy from the client machine using a custom trigger within Terminal, it executes correctly.

The script lives in the JSS and not on the client machine. I know I can put the script locally and let it run with launchd but we are trying to use the JSS with its log reporting to find out if any failed, completed, etc..

```
#!/bin/bash

#Define variables
consoleUser=`ls -l /dev/console | cut -d " " -f4`
SOURCE_Folder=/Users/$consoleUser
localMOUNT=/Users/Shared/homeBakSource
userShortNames=(`ls -1 /Users`)
theFileServer=//my.server.company.com/Home%20Folders

#############################################################
################# Primary Sanity Checks #####################
#############################################################

### Check to see if a user is logged in.
### define an array of all items listed in the /Users folder
# for each user in the array
loggedIn=no
for user in "${userShortNames[@]}"
    do
    # -x matches the whole record name, so "bob" does not match "bobby"
    if [ -n "$(/usr/bin/dscl . -list /users | grep -x "$user")" ];    then
        if [ "$consoleUser" == "$user" ];   then
            echo "We got a logged in user!! Let's continue."
            loggedIn=yes
        fi
    fi
    done
# Abort only after every entry has been compared with the console owner
if [ "$loggedIn" != "yes" ];    then
    echo "No one logged in. Aborting!"
    exit 1
fi

### Check to see if the CLT are installed, if not exit.
if [ ! -d /Library/Developer/CommandLineTools ];    then
    echo "No Command Line Tools. Need to install. Aborting"
    exit 1
fi

### Check to see if rsync is installed where it should be
### We use the compiled version of rsync version 3.10 and
### not the Apple default which is 2.6.9 which is no longer
### supported.
if [ ! -f /usr/local/bin/rsync ];       then
    echo "The correct version of rsync is not installed. Aborting!"
    exit 1
fi

### Check to see if the source folder exists. It should but it's wise to make
### a sanity check regardless.
if [ ! -d "$SOURCE_Folder" ];     then
    echo "Source home folder not available. Aborting"
    exit 1
fi

### Check to see if the folder for the mount point exists, if not lets make it.
if [ ! -d "$localMOUNT" ];    then
    mkdir "$localMOUNT"
fi

#############################################################
################ /Primary Sanity Checks #####################
#############################################################

#############################################################
############### Secondary Sanity Checks #####################
#############################################################

### We need a sanity check to make sure the mount point is available
if [ ! -d "$localMOUNT" ];    then
    echo "Could not find local mount point. Aborting."
    exit 1
else
### Let's mount the destination
    # Stop here if the mount fails, so rsync --delete never runs
    # against the bare local folder
    if ! mount -t smbfs "$theFileServer/$consoleUser" "$localMOUNT";    then
        echo "Could not mount the file server. Aborting."
        exit 1
    fi
fi

#############################################################
############## /Secondary Sanity Checks #####################
#############################################################


### Execute the sync
/usr/local/bin/rsync -aNHxv --progress --delete "$SOURCE_Folder" "$localMOUNT"

sleep 2

# Remove the mount point only after a successful unmount; rmdir refuses a
# non-empty directory, so a failed unmount cannot delete the server copy
umount "$localMOUNT" && rmdir "$localMOUNT"
```
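
Added example, not code from any poster in this thread: one way to run an entire script file as the console user from a policy that starts as root. It reads the owner of /dev/console as several replies do, refuses root, the login-window and Setup Assistant owners and anything that is not a plain short name, then hands the script to sudo -u. The function names are hypothetical, and the script passed in is assumed to be readable by the console user.

```shell
#!/bin/bash
# Added example (not from the thread). All function names are hypothetical.

# Owner of a device node. ls + awk avoids the fixed-column cut used in
# the thread and behaves the same with BSD and GNU userlands.
console_owner() {
    ls -ld "${1:-/dev/console}" | awk '{print $3}'
}

# Syntax-only check of a short name before root passes it to su/sudo.
valid_short_name() {
    case "$1" in
        # empty, root (login window) or Setup Assistant: nobody usable
        ''|root|loginwindow|_mbsetupuser) return 1 ;;
        # a leading dash would be parsed as an option by su/sudo
        -*) return 1 ;;
        # spaces, quotes and shell metacharacters are never a short name
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Run a whole script file as the console user. Refuse to run at all,
# instead of silently continuing as root, when no usable user is found.
run_as_console_user() {
    script="$1"; shift
    user="$(console_owner)"
    if ! valid_short_name "$user" || ! id -u "$user" >/dev/null 2>&1; then
        echo "No usable console user ('$user'); not running $script" >&2
        return 1
    fi
    /usr/bin/sudo -u "$user" /bin/bash "$script" "$@"
}

# Stand-alone use: ./run_as_user.sh /path/to/script.sh [args...]
if [ "$#" -ge 1 ]; then
    run_as_console_user "$@"
fi
```

The non-zero return when no user qualifies lets the calling policy script exit with a failure status instead of reporting success.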

kahuna
New Contributor II

@pvader same here, jamf ever answer your needs from 2014? if not what tool you using?

ToriAnneke
Contributor II

Hi.. I am no longer working in IT.. sorry, can't help you!
xoxoxo

Nix4Life
Valued Contributor

@kahuna

take a look at outset. it's what most are using

gabester
Contributor III

Good thread - I needed something similar and thanks to tips here ended up using something like this in a script called by users as a Self Service item:

```
# $3 is quoted so a missing or unusual value cannot split into extra arguments
sudo -u "$3" -i /path/to/binary --parameter "$3" --destination "/Users/$3/Desktop/$3" --verbose
```

bradtchapman
Valued Contributor II

@Sterritt : you're my hero. Thank you.