Script result: Do not run this script with root privileges. Do not use 'sudo'.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 05:47 AM
hi - i'm trying to remove Box Drive app but having issue.
I have the following in my script:
!/bin/bash
quit box drive
osascript -e 'quit app "Box"'
remove box drive
"/Library/Application Support/Box/uninstall_box_drive"
after i executed using a policy, i get the following error:
Script result: Do not run this script with root privileges. Do not use 'sudo'.
Can someone please share some insight into this?
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 05:54 AM
I'm guessing that output is from the uninstall_box_drive
tool.
The reason you are getting this message is because if you are running this with Jamf, then it is running as root.
One way around this would be to create a launch agent (which runs as user) and runs the two commands you have in this script.
By the way, when you want to paste code on Jamf Nation, make sure to use click the >_ button and paste the code in between the two single quote lines it gives you. This makes code much more readable on the site.
#!/bin/sh
Example of what it would look like
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 05:59 AM
thanks for the quick response bpavlov.
please could you help me how to do launch agent?
this is a bit urgent so haven't had time to search jamf or google for help.
thanks for your understanding and assistance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 07:02 AM
You could try something like this: (caution untested script)
#!/bin/bash
osascript -e 'quit app "Box"'
consoleuser=$(stat -f%Su /dev/console)
su - "${consoleuser}" -c '/Library/Application Support/Box/uninstall_box_drive'
exit 0
I don't have Box installed on anything so I have not tested this myself. It could be that you need to run the remove tool as the user and this MIGHT get you what you need. Please test on your own test machine(s) before attempting in production. This technique works for me when I want to run something as the user from self service.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 07:21 AM
thanks for your help m.donovan.
now i'm getting a different error:
Script result: -bash: /Library/Application: No such file or directory
note: i think something in the uninstall_box_drive script that's causing these errors.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 07:44 AM
Try putting a after Application like this
su - "${consoleuser}" -c '/Library/Application Support/Box/uninstall_box_drive'
Looks like the space between Application and Support needs to be escaped. I thought the single quotes would take care of the space.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 07:49 AM
Hey there!
From the sound of it you will need to run your scripts as the user logged into the machine. This can be done from JAMF scripts. But takes a little work. The current method to run things as users is like as follows:
#!/bin/sh
currentUser=$(stat -f%Su /dev/console)
currentUserUID=$(dscl . read /Users/$currentUser UniqueID | awk {'print $2'})
launchctl asuser $currentUserUID /usr/bin/osascript <<EOF
tell application "Box"
quit
end tell
EOF
launchctl asuser $currentUserUID /Library/Application Support/Box/uninstall_box_drive
Hope that helps
Shawn OG
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 08:26 AM
Have you tried creating a Restriction using JAMF?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 08:26 AM
thanks guys for all your help, but i think there's something funny going on with the uninstall_box_drive script. now a different error:
Script result: 0
No matching processes belonging to you were found
sudo: no tty present and no askpass program specified
2018-08-23 11:23:14.624 defaults[5908:133106]
Domain (com.box.desktop.installer) not found.
Defaults have not been changed.
Box Drive has been uninstalled.
says its uninstalled but the app still there.
here's the uninstall_box_drive script:
!/bin/bash
uninstall_box_drive -- remove Box Drive components from a machine.
usage: uninstall_box_drive [-n]
options:
-n No quit if FUSE is unable to be uninstalled (for AAU)
This script must be run as a regular user, not with elevated privileges. And other
than the 'sudo' call to run the "uninstall_box_drive_r" script, no further uses of sudo
should appear in this script. Anything that requires sudo should go in "uninstall_box_drive_r"
Possible exit codes:
0 - Success
1 - Was run with elevated privilege
2 - Was unable to unload the FUSE kext
3 - Box.app is running.
4 - Unknown parameter
BFD_IDENTIFIER="com.box.desktop"
BOX_HELPER_IDENTIFIER=com.box.desktop.helper
BOX_HELPER_PLIST_PATH=/Library/LaunchAgents/$BOX_HELPER_IDENTIFIER.plist
FINDER_EXTENSION_IDENTIFIER=com.box.desktop.findersyncext
# Return 1 if an app with the specified bundle ID is running
function is_app_running {
/usr/bin/lsappinfo find kLSBundleIdentifierLowerCaseKey="$1" | grep -c ASN
}
# Exit the script with a message if we're running as root
function ensure_running_as_user {
if [ $EUID -eq 0 ]; then
echo "Do not run this script with root privileges. Do not use 'sudo'."
exit 1
fi
}
# Check and see if Box is running - user will need to quit if it is
function ensure_box_not_running {
if is_app_running $BFD_IDENTIFIER; then
echo "Box Drive appears to be running. You must quit the Box Drive application and run this script again."
exit 3
fi
}
function unload_user_au_and_helper {
# Unload the user version of the helper
/bin/launchctl unload $BOX_HELPER_PLIST_PATH || true
}
# Clear out any prefs we've set
function clear_user_level_prefs {
defaults delete com.box.desktop.installer || true
defaults delete com.box.desktop.ui || true
defaults delete com.box.desktop || true
}
# In Python _add_to_startup_items() adds Box to System Preferences > Users & Groups > Login Items so reverse this.
function remove_from_login_items {
osascript -e 'tell application "System Events" to delete every login item whose name is "Box"' 2>/dev/null || true
}
# Disable the Finder extension
function disable_finder_extension { # Always disable the plugin /usr/bin/pluginkit -e ignore -i $FINDER_EXTENSION_IDENTIFIER || true
# Immediately kill any running processes
killall -9 FinderSyncExt || true
}
# main
# A command-line parameter of "-n" means "don't give up if you can't uninstall FUSE."
This is intended for AAU use.
fuse_failure_quits=1
if [ "$1" = "-n" ]; then
fuse_failure_quits=0
elif [ "$1" != "" ]; then
echo "usage: uninstall_box_drive [-n]"
exit 4
fi
Make sure we're clear to go
ensure_running_as_user &&
ensure_box_not_running &&
unload_user_au_and_helper &&
disable_finder_extension
Do the work that requires sudo - this work is placed in a separate script to support
developers. In jenkins passwordless sudo is enabled. But on developer machine we
shouldn't required a blankey "password-less sudo". This is an issue because developers
run Chimp locally and Chimp executes these uninstall scripts and it's often the case
that there's no STDIN for sudo to use to get the password. Thus, by placing all the
logic that requires sudo in a script called uninstall_box_drive_r... the developers
can add an password-exemption for just that script in /etc/sudoers that looks like:
<username> ALL = (root) NOPASSWD: /Library/Application Support/Box/uninstall_box_drive_r
sudo "${0%/*}/"uninstall_box_drive_r $fuse_failure_quits
Do any remaining non-sudo work
clear_user_level_prefs
remove_from_login_items
echo
echo
echo " "
echo
echo "Box Drive has been uninstalled."
echo
echo " "
echo
echo
exit 0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 08:28 AM
#!/bin/bash
#
# uninstall_box_drive -- remove Box Drive components from a machine.
#
# usage: uninstall_box_drive [-n]
#
# options:
#
# -n No quit if FUSE is unable to be uninstalled (for AAU)
#
# This script must be run as a regular user, not with elevated privileges. And other
# than the 'sudo' call to run the "uninstall_box_drive_r" script, no further uses of sudo
# should appear in this script. Anything that requires sudo should go in "uninstall_box_drive_r"
#
# Possible exit codes:
#
# 0 - Success
# 1 - Was run with elevated privilege
# 2 - Was unable to unload the FUSE kext
# 3 - Box.app is running.
# 4 - Unknown parameter
#
BFD_IDENTIFIER="com.box.desktop"
BOX_HELPER_IDENTIFIER=com.box.desktop.helper
BOX_HELPER_PLIST_PATH=/Library/LaunchAgents/$BOX_HELPER_IDENTIFIER.plist
FINDER_EXTENSION_IDENTIFIER=com.box.desktop.findersyncext
#
# Return 1 if an app with the specified bundle ID is running
#
function is_app_running {
/usr/bin/lsappinfo find kLSBundleIdentifierLowerCaseKey="$1" | grep -c ASN
}
#
# Exit the script with a message if we're running as root
#
function ensure_running_as_user {
if [ $EUID -eq 0 ]; then
echo "Do not run this script with root privileges. Do not use 'sudo'."
exit 1
fi
}
#
# Check and see if Box is running - user will need to quit if it is
#
function ensure_box_not_running {
if is_app_running $BFD_IDENTIFIER; then
echo "Box Drive appears to be running. You must quit the Box Drive application and run this script again."
exit 3
fi
}
function unload_user_au_and_helper {
# Unload the user version of the helper
/bin/launchctl unload $BOX_HELPER_PLIST_PATH || true
}
#
# Clear out any prefs we've set
#
function clear_user_level_prefs {
defaults delete com.box.desktop.installer || true
defaults delete com.box.desktop.ui || true
defaults delete com.box.desktop || true
}
#
# In Python _add_to_startup_items() adds Box to System Preferences > Users & Groups > Login Items so reverse this.
#
function remove_from_login_items {
osascript -e 'tell application "System Events" to delete every login item whose name is "Box"' 2>/dev/null || true
}
#
# Disable the Finder extension
#
function disable_finder_extension {
# Always disable the plugin
/usr/bin/pluginkit -e ignore -i $FINDER_EXTENSION_IDENTIFIER || true
# Immediately kill any running processes
killall -9 FinderSyncExt || true
}
#
# main
#
#
# A command-line parameter of "-n" means "don't give up if you can't uninstall FUSE."
# This is intended for AAU use.
#
fuse_failure_quits=1
if [ "$1" = "-n" ]; then
fuse_failure_quits=0
elif [ "$1" != "" ]; then
echo "usage: uninstall_box_drive [-n]"
exit 4
fi
# Make sure we're clear to go
ensure_running_as_user &&
ensure_box_not_running &&
unload_user_au_and_helper &&
disable_finder_extension
# Do the work that requires sudo - this work is placed in a separate script to support
# developers. In jenkins passwordless sudo is enabled. But on developer machine we
# shouldn't required a blankey "password-less sudo". This is an issue because developers
# run Chimp locally and Chimp executes these uninstall scripts and it's often the case
# that there's no STDIN for sudo to use to get the password. Thus, by placing all the
# logic that requires sudo in a script called uninstall_box_drive_r... the developers
# can add an password-exemption for just that script in /etc/sudoers that looks like:
# <username> ALL = (root) NOPASSWD: /Library/Application Support/Box/uninstall_box_drive_r
#
sudo "${0%/*}/"uninstall_box_drive_r $fuse_failure_quits
# Do any remaining non-sudo work
clear_user_level_prefs
remove_from_login_items
echo
echo
echo "* * * * * *"
echo
echo "Box Drive has been uninstalled."
echo
echo "* * * * * *"
echo
echo
exit 0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 12:23 PM
The sudo: no tty present and no askpass program specified
error is likely because the script contains this line:
sudo "${0%/*}/"uninstall_box_drive_r $fuse_failure_quits
That is, if it's even running it, because the comment also states "this work is placed in a separate script" meaning the script it's trying to execute might not be present.
Here's what I'm going to say, and you won't like this answer, but, this script really wasn't designed to be pushed via Jamf or ARD or some other tool like that. It appears to be designed to be run by a user in Terminal. It will prompt them for their password to run sudo level stuff, but still as them, not as root. I don't think you will be able to use this script effectively pushed via a management tool.
Let me ask you, is it important to run all that stuff in the script, like removing user level prefs and such, or do you just want the application shut down and removed? If the latter is all that's important, it should be much easier to do than trying to utilize that script.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 01:16 PM
thank you, mm270 for your response and clarification.
can i answer you question with a question? what's the side effects, if any if i don't remove user prefs and other stuff in the script?
i think ultimately, i just want the shutdown the app if running, then remove it cleanly including all residues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 01:51 PM
@tranatisoc I'm not able to do a full response because I'm super busy right now, but off hand I don't see a major problem with leaving some of the preferences behind. The developers choose to remove those to prevent a future reinstall of Box from picking up some old preferences I guess, which makes sense.
I'm not sure on some of the other stuff. I know Box installs a setting to the user space to auto launch the application, but if the app itself is removed that should pose no harm.
If you are ok with reading scripts, you should be able to grab the relevant parts from their script and place into a custom one. You'd also have to look at that uninstall_box_drive_r
script as it references that, but we aren't seeing that script above. It seems like the important one though as it probably is what removes the app itself.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 02:44 PM
I've looked at the script from the Box package. This will uninstall Box Drive and remove the preferences for all users:
#!/bin/sh
killall Box
/Library/Application Support/Box/uninstall_box_drive_r
rm -f /Users/*/Library/Preferences/com.box.desktop.installer.plist
rm -f /Users/*/Library/Preferences/com.box.desktop.ui.plist
rm -f /Users/*/Library/Preferences/com.box.desktop.plist
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-23-2018 03:54 PM
thanks mm270 & ryan.ball.
@ryan.ball , it worked. many thanks