Running Policy ID Within JAMF Helper

sepiemoini
Contributor III

JAMF Nation folks! I am looking to run a policy within my JAMF Helper script based on the end user's input. Note that most users will not have administrative privileges so this needs to run on standard accounts. Please have a look below and let me know if this is possible.

#!/bin/bash

/usr/bin/curl -s -o /tmp/elcapitan_icon.png http://assets.materialup.com/uploads/ec819071-7140-4c6d-89ac-81b712642fcb/512x512bb-85.png
loggedInUser=$(stat -f%Su /dev/console)
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
windowType="hud"
description="Your <CompanyName>-issued computer is not currently running the latest OS X version. To perform the update, select 'UPDATE' below and the security update will begin to run. Once complete, you will be prompted to restart immediately. If you are unable to perform this update at the moment, please select 'Cancel.'

*Please save all working documents before selecting 'UPDATE.'

If you require assistance, please contact the Helpdesk by phone at <PhoneNumber> or by email at <EmailAddress>."

button1="UPDATE"
button2="Cancel"
icon="/tmp/elcapitan_icon.png"
title="Update Available: Install OS X El Capitan"
alignDescription="left" 
alignHeading="center"
defaultButton="2"
cancelButton="2"
timeout="300"

userChoice=$("$jamfHelper" -windowType "$windowType" -lockHUD -title "$title" -timeout "$timeout" -defaultButton "$defaultButton" -cancelButton "$cancelButton" -icon "$icon" -description "$description" -alignDescription "$alignDescription" -alignHeading "$alignHeading" -button1 "$button1" -button2 "$button2")

if [ "$userChoice" == "0" ]; then
    echo "User clicked UPDATE; now running OS X El Capitan Installer via JSS policy ID 547."
    /bin/launchctl asuser $(id -u $loggedInUser) sudo -iu $loggedInUser "jamf policy -id 547"
elif [ "$userChoice" == "2" ]; then
    echo "User clicked Cancel or timeout was reached; now exiting."
    exit 0    
fi

The problematic line is this:

/bin/launchctl asuser $(id -u $loggedInUser) sudo -iu $loggedInUser "jamf policy -id 547"

I am effectively just trying to run "sudo jamf policy -id 547" but for reasons that are fairly obvious, I am unable to. Is there a way around this without using Self Service?

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

You don't need to try running the policy as the user, which is what you're doing. It still requires root to run any policy so that process would never work. Just simply call the policy using sudo jamf policy -id 547 normally. There shouldn't be a need to wrap it in a launchctl asuser syntax like that.

The only time it's relevant to run a policy as the logged in user is if it's designed as a login or logout policy, otherwise just call it normally by its id.

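A sketch of the accepted answer, added here as an example and not part of the original thread: the script is assumed to already run as root, branches on the value jamfHelper prints, and calls the policy directly with no `sudo` or `launchctl asuser` wrapper. The jamf binary path `/usr/local/bin/jamf`, the function names, the `--run` switch and the environment-variable overrides are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the thread). Assumes the script runs as root.
JAMF_HELPER="${JAMF_HELPER:-/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper}"
JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"   # assumed location of the jamf binary
POLICY_ID="${POLICY_ID:-547}"                 # policy ID from the thread

# Wrapped in a function so the root check can be exercised without being root.
current_uid() { id -u; }

# Show the HUD; as in the thread's script, 0 means button1 and 2 means button2/timeout.
prompt_user() {
    "$JAMF_HELPER" -windowType hud -lockHUD \
        -title "Update Available: Install OS X El Capitan" \
        -description "Select 'UPDATE' to begin, or 'Cancel' to postpone." \
        -button1 "UPDATE" -button2 "Cancel" \
        -defaultButton 2 -cancelButton 2 -timeout 300
}

# Returns 0 on success or cancel, 1 if not root, 2 on an unexpected helper result.
run_update_flow() {
    # Policies only run as root, so fail before showing a prompt we cannot honor.
    if [ "$(current_uid)" -ne 0 ]; then
        echo "Must run as root to call jamf policy -id $POLICY_ID." >&2
        return 1
    fi
    # A missing or crashed helper yields an empty choice, handled below.
    choice=$(prompt_user 2>/dev/null) || choice=""
    case "$choice" in
        0)  echo "User clicked UPDATE; running policy ID $POLICY_ID."
            # Already root: no sudo, no launchctl asuser.
            "$JAMF_BIN" policy -id "$POLICY_ID" ;;
        2)  echo "User clicked Cancel or timeout was reached; exiting."
            return 0 ;;
        *)  echo "Unexpected jamfHelper result: '$choice'." >&2
            return 2 ;;
    esac
}

# Run only when invoked with --run, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    run_update_flow
    exit $?
fi
```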

2 REPLIES

sepiemoini
Contributor III

@mm2270 Yup! I'm all set, this post took a bit to get published--unclear why. Regardless, thanks for the feedback!