Screen Saver Idle Time Script

quintondixon
New Contributor

I've read lots of posts about this but I have yet to find something that works for me. Basically I'm using a policy to run a login script that includes the following lines (among others):

currentUser=$(ls -la /dev/console | cut -d " " -f 4)
idleTime=$(su -l $currentUser -c "defaults read /Users/$currentUser/Library/Preferences/ByHost/com.apple.screensaver idleTime")

My currentUser variable is being set properly. My problem is with the second line. According to policy logs the defaults read command fails with "The domain/default pair of (.../com.apple.screensaver, idleTime) does not exist". This exact script works fine when running it manually as root, it only fails once I attempt to run it via Jamf policy.

I read that because scripts deployed via policy run as root, I shouldn't have to use su -l $currentUser. But I've found that if I don't use su then I get that same error when running the script manually as root. I'm new to all this, so maybe there's something about using defaults read as root that I'm unaware of?

I'm at a complete loss but am still convinced it's some sort of permissions issue. Does anyone have any helpful suggestions?

12 REPLIES 12

khey
Contributor

this is how i did it and it worked.

i think your script above is missing the macUUID as part of the plist file.7af6645df7b0466dbdb9aa94f6d9e093

#!/bin/sh
# grab current user
curUser=`ls -l /dev/console | cut -d " " -f 4`

# grab the system's uuid
if [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` != "00000000-0000-1000-8000-" ]]; then
    macUUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-62`
fi

#Write to plist
defaults write /Users/$curUser/Library/Preferences/ByHost/com.apple.screensaver.$macUUID.plist idleTime -int 300

#apply instantly - Kills settings panel
killall cfprefsd

quintondixon
New Contributor

Thanks for your reply. I've tried including the UUID like you did but the results were the exact same: works manually but not through Jamf. In my experience you don't always need to specify the full plist name.

I'm only needing to read, not write like your script is doing, but I will still try pasting your script in to see if I get different results. Will post back shortly.

mm2270
Legendary Contributor III

You only need to read the IdleTime setting from that plist?

#!/bin/bash

## Get logged in user
loggedInUser=$(stat -f%Su /dev/console)

## Get logged in UID
loggedInUID=$(id -u "$loggedInUser")

## Run read command as logged in user
setIdleTime=$(/bin/launchctl asuser $loggedInUID sudo -iu "$loggedInUser" "defaults -currentHost read com.apple.screensaver idleTime")

echo "$setIdleTime"

The above should work fine under 10.10.x and up. It will not work with older versions of OS X though.

emily
Valued Contributor III
Valued Contributor III

I have a little AppleScript thingy that sets the screen saver timeout if that's what you're wanting to do:

#!/bin/bash

# Setting Screensaver delay in seconds
osascript -e 'tell application "System Events" to set delay interval of screen saver preferences to 120'

exit 0

If you're just looking for reporting what @mm2270 posted should work, except you'll need echo "<result>$setIdleTime</result>" so it displays correctly on the computer record.

quintondixon
New Contributor

@mm2270 Thanks! This looks promising, I'll give it a shot.

@emily I'm actually only needing to read the value, not change it. I believe I'd need the result tags if I'm dealing with extension attributes, but this is just a script pushed through policy.

quintondixon
New Contributor

So not much progress for me unfortunately.

I tried your idea, @mm2270, without success. The policy log showed: "Script result: -bash: defaults -currentHost read com.apple.screensaver idleTime: command not found"
I get this same result when running the script manually, so I don't think Jamf is to blame for this. Maybe a syntax error?

I tried @khey's script to attempt to write changes (even though I'm only needing to read). This seemed to successfully edit the plist value, but the time changes were not reflected in System Preferences and the computer did not fall asleep in accordance with the new value in the plist. Rather it fell asleep according to what was still specified in System Preferences. Oddly enough after applying this script, changing the screen saver time manually in System Preferences no longer seems to adjust the value in the plist anymore. Bizarre...

As a next step I may look into @emily's AppleScript idea. I'll post back with how that goes.

StoneMagnet
Contributor III

@quintondixon Are you running Sierra 10.12.6 by any chance? I was trying to change Trackpad prefs last week on newly imaged 10.12.6 system using scripts that reportedly worked as of 10.12.2 with no luck, so I'm wondering if cfprefsd changed in 10.12.6 such that we've got more prefs that can't be changed without user action.

quintondixon
New Contributor

@StoneMagnet I've been doing all my testing on 10.12.5. Maybe I should bump back a few versions and see if I get different results, sometimes it's hard to stay on top of Apple's changes.

mm2270
Legendary Contributor III

@quintondixon Just curious but what OS are you running this on? I've seen a number of other folks post similar "command not found" errors and I'm thinking there is some difference now in more recent OS versions that's causing this, but I don't know exactly what that difference would be.

Also, it might help us if you either posted the rest of the script you're using this in, or gave us more details on what the end goal is. There might be some other way to accomplish the goal here, though not sure.

mm2270
Legendary Contributor III

@StoneMagnet and @quintondixon Sounds like all of us were reaching the same possible conclusion at the same time. :) I think something changed in 10.12.5 and up that may be causing the failures. I will have to do some testing on a current 10.12.5/6 system to see.

quintondixon
New Contributor

Essentially I'm creating a tool for our internal auditors to verify idleTime is <= 20 minutes. Because screen saver settings are unique per user, my initial thought was an extension attribute script that would loop through all home directories to return each user and their idleTime. I ran into issues so I thought I'd simply try reading idleTime via a login script (and push it into a CSV) just to see if I could get that to work first. I do have that working through the following SH script when ran through terminal:

#!/bin/sh

outputFile=/Users/Shared/Compliance/ScreenSaverTimeout.csv
currentUser=$(ls -la /dev/console | cut -d " " -f 4)
idleTime=$(su -l $currentUser -c "defaults read /Users/$currentUser/Library/Preferences/ByHost/com.apple.screensaver idleTime")

#Create CSV if it doesn't exist
if [ ! -e $outputFile ]; then
    mkdir -m 757 /Users/Shared/Compliance
    touch $outputFile
fi

#Check if user is already in CSV
count=`cut -f 1 -d , $outputFile | grep -ic $currentUser`
if [ $count -ge "1" ]; then
    echo Exists, updating...
    sed -i '' "/$currentUser/d" $outputFile
    sed -i '' '/^$/d' $outputFile
    echo "$currentUser,$idleTime
" >> $outputFile
else
    echo Brand new, adding...
    echo "$currentUser,$idleTime
" >> $outputFile
fi

But this same script does not execute the same way when put into Jamf policy and ran on the exact same machine. I end up with "The domain/default pair of (.../com.apple.screensaver, idleTime) does not exist".

I'll make sure to be more specific with OS version in my future posts. I did just test this on 10.12.3 and got the exact same result as 10.12.5: running script manually works but through Jamf policy does not. @mm2270 I just tested your script on 10.12.3 and still got command not found.

kerouak
Valued Contributor

623184087258471f91d6e937de077834
If it's still of any interest..

I created a new Configuration Profile for the Idle time.

I got it to work by referring to this Developer Document: https://developer.apple.com/enterprise/documentation/Configuration-Profile-Reference.pdf

This has a list of payloads for ALL Config Profiles.

So, rather than specifying "com.apple.screensaver.ByHost" I used the folowing user level screensaver payload : "com.apple.screensaver.user"

Works every time!!