Run script as root via LaunchAgent at login

tuinte
Contributor III

I'm looking to run the command "jamf policy -event UserConfig" via a LaunchAgent. Here's the relevant bit of the LaunchAgent:

<key>ProgramArguments</key>
<array>
       <string>/usr/local/bin/jamf</string>
       <string>policy</string>
       <string>-event</string>
       <string>UserConfig</string>
</array>

The last of the policies triggered by UserConfig deletes the LaunchAgent for that user so it only runs once.

But LaunchAgents are run as the user, and the jamf binary requires root. So I can add a sudo, but most users are not members of sudoers, so that too would not work.

Is there a way around this? I'm finding the login/logout hooks unreliable.

Appreciate any insight.

EDIT: My title... is... not what I'm asking. Why/how did I write that?

4 REPLIES

Nix4Life
Valued Contributor

Take a look at outset.

Look
Valued Contributor III

What version of JAMF are you on? We have very few issues these days with the login/logout hooks, and I use them quite often for what look like similar purposes to what you're trying to do (branding, docks, network shares, and a few other sundry tasks...).
I use flag files in general, so the policies do run every login, but they skip out immediately on detection of the flag without doing anything.
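
The flag-file pattern described in the reply above, sketched as an added example (not code from this thread or from Jamf): a guard that a script run at every login can call so the real work happens once per user. `FLAG_DIR`, `flag_path` and `run_once` are hypothetical names, and the flag directory is assumed to be root-owned.

```shell
#!/bin/sh
# Added example: per-user flag-file guard for work triggered at every login.
# FLAG_DIR is a hypothetical path. Keep it root-owned and not user-writable,
# so a standard user cannot delete a flag (forcing a re-run as root) or
# pre-create one (suppressing the configuration).
FLAG_DIR="${FLAG_DIR:-/Library/Application Support/ExampleOrg/flags}"

# flag_path USER TASK -> prints the flag file path for that user and task.
flag_path() {
    printf '%s/%s.%s.done\n' "$FLAG_DIR" "$2" "$1"
}

# run_once USER TASK CMD [ARGS...]
# Returns 0 if CMD ran successfully now,
#         2 if it was skipped because the flag already exists,
#         1 on bad arguments or CMD failure (no flag is written,
#           so the task is retried at the next login).
run_once() {
    user=$1; task=$2
    [ $# -ge 3 ] || return 1
    shift 2
    # Reject empty names and anything that could escape FLAG_DIR.
    for name in "$user" "$task"; do
        case "$name" in
            ''|*/*|*..*) return 1 ;;
        esac
    done
    flag=$(flag_path "$user" "$task")
    # Skip immediately when this user has already been configured.
    [ -e "$flag" ] && return 2
    mkdir -p "$FLAG_DIR" || return 1
    "$@" || return 1
    # Record completion with a UTC timestamp for later troubleshooting.
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$flag" || return 1
    return 0
}
```

Because the flag is written only after the command succeeds, a failed run is retried at the next login rather than being silently marked as done.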

talkingmoose
Moderator

I'm curious why you're trying to do this with a Launch Agent. Why not set the policy to run once per user or once per user per computer?

tuinte
Contributor III

@talkingmoose @Look We have a policy triggering UserConfig at login, once per user per computer, but it's failing to run at login. Logs show similar to here: https://www.jamf.com/jamf-nation/discussions/23059/error-domain-com-jamf-jamf-security-error-code-50.

Jamf 10. Clients are 10.12-10.13.

My understanding was this was a common problem (login trigger not working). Not so?