Jamf Nation Community

rapa · ‎01-02-2018

Hi folks

I have tinkered with an Apple Script until it successfully "automagically" creates an eMail signature for MS Outlook that pulls some of it's data directly from our Active Directory.

When launched manually it works like a charm.

Now what I would like to do is to expose this script via SelfService to our users. However it doesn't seem to work as presumably the script will not run in the security context of the local user.

Is there an easy way to get the script to run in the context of the local mac user ?

Any insight would be appreciated.

anverhousseini · ‎01-02-2018

You will have to export the function to make it available to the subshell:

#!/bin/bash

function helloworld() {
    osascript <<EOD
        say "Hello World"
EOD
}

export -f "helloworld"

currentuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')

su "${currentuser}" -c "helloworld"

View solution in original post

anverhousseini · ‎01-02-2018

You can use something like this:

#!/bin/bash

currentUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')

su -l "${currentUser}" -c 'echo "Hello World!"'

rapa · ‎01-02-2018

Thanx for your response!

Am I right in assuming, that this still requires the user to type his password ?

And if "Yes" is there no way around it?

Cheers

anverhousseini · ‎01-02-2018

No, the user does not have to type in his password.

rapa · ‎01-02-2018

Should have read the su man page first ...

... derp.

rapa · ‎01-02-2018

I am relatively new to scripting under macOS so forgive me if the answer/error is obvious ...

Should something like this work ?

'#!/bin/bash function generate_sig { osascript <<EOD '###Here goes my Apple Script# EOD } currentUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + " ");') su -l "${currentUser}" -c 'generate_sig'

anverhousseini · ‎01-02-2018

You will have to export the function to make it available to the subshell:

#!/bin/bash

function helloworld() {
    osascript <<EOD
        say "Hello World"
EOD
}

export -f "helloworld"

currentuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')

su "${currentuser}" -c "helloworld"

rapa · ‎01-02-2018

AWESOME! You made my day.

Thanx a lot!

sim_brar · ‎02-02-2020

@anverhousseini The example that you provided does not seem to work for me. Even if the su "${currentuser}" -c "helloworld" is updated to su "${currentuser}" -c "bash -c helloworld" to account for zsh in 10.15, the following output is presented: bash: helloworld: command not found. Any ideas?

dpratl · ‎11-03-2021

Hi @sim_brar,

took me some time, and maybe you already figured it out (old post ;)) but you have to call the exported function like that

su $loggedinuser -c "$(helloworld)"

so with $()

As an additonal information: if you want to use -e with osascript you cannot do that like that in a function

function myfunction() {
	osascript -e <<EOD
    	tell application "Microsoft Word" to open file "filepath"
EOD
}

You have to define a variable like "bar" and call it in the function:

bar=e

function myfunction() {
	osascript - "$bar" <<EOD
    	tell application "Microsoft Word" to open file "filepath"
EOD
}

BR
Daniel

Jamf Nation Community

Running Scripts in local user security Context via Self Service