Solved

Script fails from every15 trigger but works from Self Service?

  • September 27, 2013

We have a script we've been testing that removes a bad wi-fi entry from the keychain of the local user. When this runs on the every15 trigger set in the JSS policy, the logs state the keychain entry doesn't exist.

However, if we go to the computer and run the script from Self Service (separate policy, set to just run from SS), it works perfectly! It removes the entry, shows this in the logs and fixes their issues.

I feel like I'm missing something really simple but I could sure use advice!

- Brandon

Best answer by mm2270

Self Service, I believe, will run the script as the user, but with elevated privileges. Normal policies don't, so in your every15 policy, it would be trying to affect the root account's keychain entry, which probably doesn't exist, hence the error.

In your script, get the logged in user account (and if needed, the path to their home directory) and use that in the script as to what keychain to affect.

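#!/bin/sh

## The owner of /dev/console is the user logged in at the GUI
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
## Look up that user's home directory in the local directory service
userHome=$( dscl . read "/Users/$loggedInUser" NFSHomeDirectory | awk '{print $NF}' )

## Now your command here
security delete-generic-password [options] -keychain "$userHome/Library/Keychains/login.keychain"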

Or whatever it is you need to do. Above is just an example.
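
An added example, not part of the original answer: the same console-user lookup with a guard for the case where nobody is logged in, so a policy running as root skips the run instead of targeting root's keychain. The function names and the sample input lines used to exercise them are constructed for illustration, and the two-line `dscl` output handling is an assumption about how values containing spaces are printed.

```shell
#!/bin/sh
# Added example: helper names and sample inputs are constructed for illustration.

# Owner column (field 3) of one `ls -l /dev/console` line.
console_owner() {
    printf '%s\n' "$1" | awk '{print $3}'
}

# At the login window the console owner is root, and during Setup Assistant
# it is _mbsetupuser. Neither has the user's login keychain, so a recurring
# policy should skip the run rather than act on the wrong account.
is_real_user() {
    case "$1" in
        ''|root|loginwindow|_mbsetupuser) return 1 ;;
        *) return 0 ;;
    esac
}

# Login keychain path from `dscl . read /Users/<name> NFSHomeDirectory` output.
# Strips the key rather than taking the last awk field, and joins a value that
# dscl printed on the following line (assumption: happens when it has spaces).
login_keychain_from_dscl() {
    home=$(printf '%s' "$1" | tr '\n' ' ' | sed -e 's/^NFSHomeDirectory: *//' -e 's/ *$//')
    case "$home" in
        /*) printf '%s/Library/Keychains/login.keychain\n' "$home" ;;
        *)  return 1 ;;
    esac
}

# Full decision: prints the keychain path, or fails if no real user is logged in.
target_keychain() {   # $1 = ls -l line, $2 = dscl output
    user=$(console_owner "$1")
    is_real_user "$user" || return 1
    login_keychain_from_dscl "$2"
}

# Live use on a Mac only (skipped where dscl is not installed).
if command -v dscl >/dev/null 2>&1; then
    ls_line=$(ls -l /dev/console)
    user=$(console_owner "$ls_line")
    if is_real_user "$user"; then
        dscl_line=$(dscl . read "/Users/$user" NFSHomeDirectory)
        echo "Would target: $(login_keychain_from_dscl "$dscl_line")"
    else
        echo "No console user; exiting without touching any keychain."
    fi
fi
```

The live section only prints the path it would act on; the `security` command from the answer goes in place of that `echo`.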
