Skip to main content
Solved

running a login triggered script as the user and not root


cgeorge
Forum|alt.badge.img+5

I'm been experimenting with some scripts that we want to run at each user's log in. We're using Outset to handle them now, but it's been unreliable for us and seems to break part way through our semester, every semester. In light of that, I've been exploring new ways to get our users files and other things set up for them.

I've had luck calling scripts using Jamf's Login Trigger, but the commands in the script are processed as a root user, not the currently logged in user, which causes the scripts to fail. I've found some documented fixes, but they're from previous less secure OSes and earlier versions of Jamf/Casper and I'm not sure they'd be successful under Ventura.

Does anyone have some suggestions on getting the scripts ran as the user at login? Should I be going down the launchd rabbit hole?

Best answer by shannon_pasto

Hi. Yes, you can use LaunchAgents for this. 

man launchd.plist
View original
Did this topic help you find an answer to your question?

6 replies

YanW
Forum|alt.badge.img+11
  • Contributor
  • 180 replies
  • January 12, 2023

Will THIS work?


Forum|alt.badge.img+8
  • Contributor
  • 96 replies
  • Answer
  • January 12, 2023

Hi. Yes, you can use LaunchAgents for this. 

man launchd.plist

A_Collins
Forum|alt.badge.img+11
  • Contributor
  • 85 replies
  • January 13, 2023

I am not sure what is getting broken by running commands as root. Because root can do anything which user can do. For instance if you copy file with root to ~/Desktop, obviously it does not copy where you wanted. You can just get the logged in user 

loggedinuser=`defaults read /Library/Preferences/com.apple.loginwindow lastUserName`

then you can copy /Users/$loggedinuser/Desktop


Forum|alt.badge.img+8

If you copy something to a user's Desktop as root don't forget to change the permissions. Can be easier with a LaunchAgent as they run as the user


AJPinto
Forum|alt.badge.img+26
  • Legendary Contributor
  • 2725 replies
  • January 13, 2023

The most direct approach is to use a LaunchAgent. That would run locally on the device as the user logs in, as the user themselves.

 

Depending on what the scripts are doing there may be other, and potentially better options.


cgeorge
Forum|alt.badge.img+5
  • Author
  • Contributor
  • 30 replies
  • January 13, 2023

Thanks everyone, a launchagent works perfectly for what i needed it to do, which was process to dockutil, desktoppr, and com.apple.finder commands. I ended up using launchd Package Creator to make the agent, and it worked without much fuss. 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings