running a login triggered script as the user and not root

cgeorge
New Contributor III

I've been experimenting with some scripts that we want to run at each user's login. We're using Outset to handle them now, but it's been unreliable for us and seems to break partway through our semester, every semester. In light of that, I've been exploring new ways to get our users' files and other things set up for them.

I've had luck calling scripts using Jamf's Login Trigger, but the commands in the script are processed as the root user, not the currently logged-in user, which causes the scripts to fail. I've found some documented fixes, but they're from previous, less secure OSes and earlier versions of Jamf/Casper, and I'm not sure they'd be successful under Ventura.

Does anyone have some suggestions on getting the scripts run as the user at login? Should I be going down the launchd rabbit hole?

2 ACCEPTED SOLUTIONS

shannon_pasto
Contributor II

Hi. Yes, you can use LaunchAgents for this. 

man launchd.plist


AJPinto
Esteemed Contributor

The most direct approach is to use a LaunchAgent. That would run locally on the device as the user logs in, as the user themselves.

Depending on what the scripts are doing there may be other, and potentially better options.


6 REPLIES

YanW
Contributor III

Will THIS work?

A_Collins
Contributor

I am not sure what is getting broken by running commands as root, because root can do anything which a user can do. For instance, if you copy a file with root to ~/Desktop, obviously it does not copy where you wanted. You can just get the logged-in user

loggedinuser=$(defaults read /Library/Preferences/com.apple.loginwindow lastUserName)

then you can copy to /Users/$loggedinuser/Desktop

shannon_pasto
Contributor II

If you copy something to a user's Desktop as root, don't forget to change the permissions. It can be easier with a LaunchAgent, as they run as the user.

cgeorge
New Contributor III

Thanks everyone, a LaunchAgent works perfectly for what I needed it to do, which was to process dockutil, desktoppr, and com.apple.finder commands. I ended up using launchd Package Creator to make the agent, and it worked without much fuss.
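
The LaunchAgent approach the thread settles on, as an added example that is not code from any poster or from Jamf: a shell helper that writes a `RunAtLoad` agent plist and, when installed as root, leaves the plist and the script root-owned so the logged-in user runs them but cannot rewrite them. The label `com.example.loginsetup` and the script path are hypothetical placeholders.

```shell
#!/bin/sh
# Added example. Label and script path are hypothetical placeholders.

# write_login_agent DEST_DIR LABEL SCRIPT_PATH
# Writes DEST_DIR/LABEL.plist and prints its path. Values are whitelisted so
# nothing that needs XML escaping can end up inside the plist.
write_login_agent() {
    dest_dir=$1 label=$2 script=$3
    case $label in
        ''|*[!A-Za-z0-9._-]*) echo "bad label: $label" >&2; return 1 ;;
    esac
    case $script in
        ''|[!/]*|*[!A-Za-z0-9._/-]*) echo "bad script path: $script" >&2; return 1 ;;
    esac
    plist="$dest_dir/$label.plist"
    cat > "$plist" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$label</string>
    <key>ProgramArguments</key>
    <array>
        <string>$script</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
    chmod 644 "$plist"
    printf '%s\n' "$plist"
}

# install_login_agent LABEL SCRIPT_PATH
# Run as root on the Mac (for example from a Jamf policy). Agents in
# /Library/LaunchAgents load at each user's login and run as that user.
install_login_agent() {
    plist=$(write_login_agent /Library/LaunchAgents "$1" "$2") || return 1
    # Root-owned, not user-writable: the user executes these, never edits them.
    chown root:wheel "$plist" "$2"
    chmod 755 "$2"
    plutil -lint "$plist"
}

if [ "${1:-}" = "--install" ]; then
    install_login_agent "$2" "$3"
fi
```

Run it with `--install com.example.loginsetup /usr/local/bin/login-setup.sh` as root; the agent takes effect at the next login.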