Skip to main content
Solved

Running Entire Script as Logged In User

  • June 22, 2022
  • 14 replies
  • 126 views
adl-gavinator
Forum|alt.badge.img+4

Hi all,

 

I have the following script which I would like to deploy via Jamf Pro at Enrolment:

 

#!/bin/sh
rm -rf "/Users/$USER/Templates/PPT"
curl "https://xxx.blob.core.windows.net/XXXX/XXX-PPT-Templates.zip" --create-dirs -o "/Users/$USER/Templates/PPT/XXX-PPT-Templates.zip"
echo "Unpacking..."
tar xvf "/Users/$USER/Templates/PPT/XXX-PPT-Templates.zip" -C "/Users/$USER/Templates/PPT/"
echo "Cleaning..."
rm "/Users/$USER/Templates/PPT/ADL-PPT-Templates.zip"

The purpose of the script is to deploy Microsoft Office templates to end users Mac's.  For the Windows estate we have a tool called Upslide which works well however they dont have a MacOS version just yet.  This is why we would like to distribute them in this way.  Unless there is a better option out there in Jamf Pro?

 

We are using DepNotify and are calling this script at Enrolment time using a custom trigger.  When the script runs I see the "Templates" folder is created in the /Users/root directory.  This is expected since all scripts run as root from Jamf Pro.  It seems very strange that Jamf Pro doesnt allow for running a script as the logged in user.  We are moving away from Intune for MacOS management because of their lack of MacOS options.  But this is something I could achieve easily in Intune.  See below the option for deploying a script to MacOS from Intune:

 

 

 

 

Best answer by talkingmoose

 

 

 


You’ll need to create the folder structure there yourself. Also, don’t worry if you’re not using Office 365. It’s for all licensed versions of Office for Mac.

    14 replies

    Q
    Forum|alt.badge.img+8
    • Qwheel
    • Valued Contributor
    • June 22, 2022

    Maybe deploy the script to /var/tmp using composer.

    Then trigger it from JAMF like this at login/recurring:

    CURRENT_USER=$(/usr/bin/stat -f "%Su" /dev/console)

    sudo -H -u $CURRENT_USER bash -c '/private/var/tmp/script.sh'

    Might need to check the -c option again, and adjust the shell accordingly. Maybe check the .she has executable permissions for the staff group.

     

    Could get really fancy and use conditional statements to check if they already have the templates in location already.

    Q
    Forum|alt.badge.img+8
    • Qwheel
    • Valued Contributor
    • June 22, 2022

    On another note, I remember I had some issues with our auto mount of a NAS as MacOS got newer.

    I think I cheated JAMF into running an Osascript as current user by having it in its own policy with a custom trigger, set to ‘Ongoing’.

     

    The actual script that runs calls:

    sudo JAMF policy -trigger triggerName

    In the console application on the device it looks like “looking to run ‘policy’ as ‘user’”

     

    Yeah, probably the wrong way to go about it, but it did the trick… so happy days.

     

    Last note: I always had issues with using $USER, so switched to the one above ($CURRENT_USER) to assure that part actually works.

     

     

    adl-gavinator
    Forum|alt.badge.img+4
    • adl-gavinator
    • Author
    • Contributor
    • June 22, 2022

    Maybe deploy the script to /var/tmp using composer.

    Then trigger it from JAMF like this at login/recurring:

    CURRENT_USER=$(/usr/bin/stat -f "%Su" /dev/console)

    sudo -H -u $CURRENT_USER bash -c '/private/var/tmp/script.sh'

    Might need to check the -c option again, and adjust the shell accordingly. Maybe check the .she has executable permissions for the staff group.

     

    Could get really fancy and use conditional statements to check if they already have the templates in location already.


    Thanks @Qwheel!  Sorry if I'm sounding like a noob here but how would you do that in Composer?  Do you mean to build a package with the script inside?

    Q
    Forum|alt.badge.img+8
    • Qwheel
    • Valued Contributor
    • June 22, 2022

    Thanks @Qwheel!  Sorry if I'm sounding like a noob here but how would you do that in Composer?  Do you mean to build a package with the script inside?


    That’s the one ;)

    plonk the script in /var/tmp

    adl-gavinator
    Forum|alt.badge.img+4
    • adl-gavinator
    • Author
    • Contributor
    • June 22, 2022

    That’s the one ;)

    plonk the script in /var/tmp


    Cool.  Will give it a try now. 

    talkingmoose
    Forum|alt.badge.img+36
    • talkingmoose
    • Community Manager
    • June 22, 2022

    There's no need to run a script to deploy Office templates to user home folders. Deploy them instead to '/Library/Application Support/Microsoft/Office365/User Content.localized/' for all users of the computer.

    See this document:

    https://macadmins.software/docs/UserContentIn2016.pdf

    aparten11
    adl-gavinator
    adl-gavinator
    Forum|alt.badge.img+4
    • adl-gavinator
    • Author
    • Contributor
    • June 22, 2022

    There's no need to run a script to deploy Office templates to user home folders. Deploy them instead to '/Library/Application Support/Microsoft/Office365/User Content.localized/' for all users of the computer.

    See this document:

    https://macadmins.software/docs/UserContentIn2016.pdf


    Hi @talkingmoose the folder /Library/Application Support/Microsoft/Office365/User Content.localized/...  does not exist on my test machine where I have Office installed.  The only folder in there is something called MAU2.0.

    adl-gavinator
    Forum|alt.badge.img+4
    • adl-gavinator
    • Author
    • Contributor
    • June 22, 2022

    There's no need to run a script to deploy Office templates to user home folders. Deploy them instead to '/Library/Application Support/Microsoft/Office365/User Content.localized/' for all users of the computer.

    See this document:

    https://macadmins.software/docs/UserContentIn2016.pdf


     

     

     

    stevewood
    Forum|alt.badge.img+38
    • stevewood
    • Hall of Fame
    • June 22, 2022

    Maybe deploy the script to /var/tmp using composer.

    Then trigger it from JAMF like this at login/recurring:

    CURRENT_USER=$(/usr/bin/stat -f "%Su" /dev/console)

    sudo -H -u $CURRENT_USER bash -c '/private/var/tmp/script.sh'

    Might need to check the -c option again, and adjust the shell accordingly. Maybe check the .she has executable permissions for the staff group.

     

    Could get really fancy and use conditional statements to check if they already have the templates in location already.


    If you plan to use the content on a recurring nature, so that it is available fore the script to run after a restart, then you do not want to store in any 'tmp' folder. I would suggest creating a folder somewhere, like in /var or in /Library, that is specific to your org and storing there. The contents of a 'tmp' folder may get deleted on reboot.

    aparten11
    talkingmoose
    Forum|alt.badge.img+36
    • talkingmoose
    • Community Manager
    • Answer
    • June 22, 2022

     

     

     


    You’ll need to create the folder structure there yourself. Also, don’t worry if you’re not using Office 365. It’s for all licensed versions of Office for Mac.

    aparten11
    stevewood
    Forum|alt.badge.img+38
    • stevewood
    • Hall of Fame
    • June 22, 2022

     

     

     


    If you create the folder structure, the O365 applications should respect it. So, create the /Library/Application Support/Microsoft/Office365/User Content.localized/Templates folder and deploy your templates there.

    aparten11
    adl-gavinator
    Forum|alt.badge.img+4
    • adl-gavinator
    • Author
    • Contributor
    • June 22, 2022

    Ok I will do some testing and come back to you guys.  Thanks for the help and clarification. :)

    adl-gavinator
    Forum|alt.badge.img+4
    • adl-gavinator
    • Author
    • Contributor
    • June 22, 2022

    So I have created the folder structure and deployed the templates there but Word is not picking them up?  Are they supposed to appear in the Personal section or Work section in Word when you click New?  Maybe Office needs permissions to the new folder structure or something?  

    adl-gavinator
    Forum|alt.badge.img+4
    • adl-gavinator
    • Author
    • Contributor
    • June 22, 2022

    Nevermind.  Used a chmod 555 command and this is now working!  Great help @stevewood @talkingmoose !

    aparten11
    Terms & ConditionsCookie settingsAccessibility statement