Running Scripts in local user security Context via Self Service

rapa
New Contributor II

Hi folks

I have tinkered with an AppleScript until it successfully "automagically" creates an email signature for MS Outlook that pulls some of its data directly from our Active Directory.

When launched manually it works like a charm.

Now what I would like to do is to expose this script via Self Service to our users. However, it doesn't seem to work, as presumably the script will not run in the security context of the local user.

Is there an easy way to get the script to run in the context of the local Mac user?

Any insight would be appreciated.

1 ACCEPTED SOLUTION

anverhousseini
Contributor II

You will have to export the function to make it available to the subshell:

#!/bin/bash

function helloworld() {
    osascript <<EOD
        say "Hello World"
EOD
}

export -f "helloworld"

currentuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')

su "${currentuser}" -c "helloworld"


9 REPLIES

anverhousseini
Contributor II

You can use something like this:

#!/bin/bash

currentUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

su -l "${currentUser}" -c 'echo "Hello World!"'

rapa
New Contributor II

Thanx for your response!

Am I right in assuming that this still requires the user to type his password?

And if "Yes", is there no way around it?

Cheers

anverhousseini
Contributor II

No, the user does not have to type in his password.

rapa
New Contributor II

Should have read the su man page first ...

... derp.

rapa
New Contributor II

I am relatively new to scripting under macOS, so forgive me if the answer/error is obvious ...

Should something like this work?

#!/bin/bash

function generate_sig {
    osascript <<EOD
###Here goes my Apple Script#
EOD
}

currentUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

su -l "${currentUser}" -c 'generate_sig'

anverhousseini
Contributor II

You will have to export the function to make it available to the subshell:

#!/bin/bash

function helloworld() {
    osascript <<EOD
        say "Hello World"
EOD
}

export -f "helloworld"

currentuser=$(scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')

su "${currentuser}" -c "helloworld"

rapa
New Contributor II

AWESOME! You made my day.

Thanx a lot!

sim_brar
New Contributor III

@anverhousseini The example that you provided does not seem to work for me. Even if the su "${currentuser}" -c "helloworld" is updated to su "${currentuser}" -c "bash -c helloworld" to account for zsh in 10.15, the following output is presented: bash: helloworld: command not found. Any ideas?

Hi @sim_brar,

took me some time, and maybe you already figured it out (old post ;)) but you have to call the exported function like that:

su $loggedinuser -c "$(helloworld)"

so with $()

As additional information: if you want to use -e with osascript, you cannot do it like that in a function:

function myfunction() {
	osascript -e <<EOD
    	tell application "Microsoft Word" to open file "filepath"
EOD
}

You have to define a variable like "bar" and call it in the function:

bar=e

function myfunction() {
	osascript - "$bar" <<EOD
    	tell application "Microsoft Word" to open file "filepath"
EOD
}

BR
Daniel
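
An added example, not part of the original thread and not code from any of its posters: one way to run a bash function as the console user from a root context such as a Self Service policy, refusing to proceed when no usable user is logged in. The function names other than helloworld are hypothetical, and the scutil sample is constructed.

```bash
#!/bin/bash
# Added example: run one bash function as the console user from a root script.

# Parse the console user's short name from scutil output on stdin.
console_user() {
    awk -F': ' '/[[:space:]]+Name[[:space:]]*:/ { print $2; exit }'
}

# Reject targets that must never be handed to su: nobody logged in, root,
# system accounts (leading "_"), option-like names, unexpected characters.
valid_target_user() {
    case "$1" in
        ''|root|loginwindow|_*|-*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Emit a script that defines function $1 and then calls it. The source is
# serialised with `declare -f`, so nothing depends on exported functions
# surviving su or the user's login shell.
function_payload() {
    declare -f "$1" >/dev/null || return 1
    printf '%s\n%s\n' "$(declare -f "$1")" "$1"
}

# Resolve and validate the user, then feed the payload to a bash started as
# that user, so the function body itself runs unprivileged.
run_function_as_console_user() {
    local user payload
    user=$(printf 'show State:/Users/ConsoleUser\n' | scutil | console_user)
    valid_target_user "$user" || { echo "no usable console user" >&2; return 1; }
    payload=$(function_payload "$1") || { echo "unknown function: $1" >&2; return 1; }
    printf '%s\n' "$payload" | su "$user" -c '/bin/bash -s'
}

# Constructed sample of scutil output, for offline checks of console_user.
SAMPLE_SCUTIL='<dictionary> {
  GID : 20
  Name : alice
  UID : 501
}'

# Same function as in the thread.
# Usage (as root on macOS): run_function_as_console_user helloworld
helloworld() {
    osascript <<EOD
        say "Hello World"
EOD
}
```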