Script Running as User

shepherdspie
New Contributor

This has been talked about a lot here and I see a lot of these posts, but man I cannot figure out what I am doing wrong. I am trying to write a script that will update a plist in the user folder as well as license the application upon installation. So I want the script to run post pkg install. I have this script and I am able to get it to run successfully locally, but clearly when Jamf runs, it runs as root.

I have actually tried several ways to get it to run as the user, without success. The most recent option I tried was from here: https://community.jamf.com/t5/jamf-pro/need-help-forcing-script-to-run-commands-under-current-logged...

 

#!/bin/bash

#Get username
#Open OffShoot to make sure nl.syncfactory.Hedge.Mac.plist exists

myuser="$(id -u -n)"
	echo "Username: $myuser"
			sleep 1

	echo "OffShoot Will Open To Create nl.syncfactory.Hedge.Mac.plist"
		open /Applications/OffShoot.app
			sleep 2

#Kill OffShoot

	ps -ef | grep OffShoot | grep -v grep | awk '{print $2}' | xargs kill
			sleep .5

#Set OffShoot Scripts and Open OffShoot 
			
	echo " Setting SFIDefaultsFirstAppStart to - False"
		defaults write /Users/"$myuser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsFirstAppStart -string "False"			
			sleep .5
	
	echo " Setting SFIDefaultsUserAcceptsResponsibilityForScripts - True"
		defaults write /Users/"$myuser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsUserAcceptsResponsibilityForScripts "True"
			sleep .5
	
	echo " Setting SFIDefaultsHedgeStartedScript to callFilmsAPIOnOpen.scpt"
		defaults write /Users/"$myuser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsHedgeStartedScript "/Library/OffShootConfig/AppleScripts/callFilmsAPIOnOpen.scpt"
			sleep .5
	
	echo " Setting SFIDefaultsDiskBusyScript to clear_dest_and_src.scpt"
		defaults write /Users/"$myuser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsDiskBusyScript "/Library/OffShootConfig/AppleScripts/clear_dest_and_src.scpt"
			sleep .5
	
	echo " Setting SFIDefaultsFileCopyCompletedScript to renameMHLAfterCopy.scpt"
		defaults write /Users/"$myuser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsFileCopyCompletedScript "/Library/OffShootConfig/AppleScripts/renameMHLAfterCopy.scpt"
			sleep .5
	
	echo "OffShoot Will Open With All Scripts and Settings Configured"
		open 'offshoot://activate?key=????????'

 

 

I effectively tried to put my script into the script in the link above. But when I run the policy from Self Service, it just wheels forever. Never completes.

 

 

#!/bin/bash

loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u "$loggedInUser")

if [[ "$loggedInUser" != "root" ]] || [[ "$loggedInUID" -ne 0 ]]; then

cat << EOF > /private/tmp/script.sh
#!/bin/bash
echo "OffShoot Will Open To Create nl.syncfactory.Hedge.Mac.plist"
		open /Applications/OffShoot.app
			sleep 2
#Kill OffShoot (the dollar sign below is escaped so the outer heredoc does not expand it)
	ps -ef | grep OffShoot | grep -v grep | awk '{print \$2}' | xargs kill
			sleep .5
#Set OffShoot Scripts and Open OffShoot 
			
	echo " Setting SFIDefaultsFirstAppStart to - False"
		defaults write /Users/"$loggedInUser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsFirstAppStart -string "False"			
			sleep .5
	
	echo " Setting SFIDefaultsUserAcceptsResponsibilityForScripts - True"
		defaults write /Users/"$loggedInUser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsUserAcceptsResponsibilityForScripts "True"
			sleep .5
	
	echo " Setting SFIDefaultsHedgeStartedScript to callFilmsAPIOnOpen.scpt"
		defaults write /Users/"$loggedInUser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsHedgeStartedScript "/Library/OffShootConfig/AppleScripts/callFilmsAPIOnOpen.scpt"
			sleep .5
	
	echo " Setting SFIDefaultsDiskBusyScript to clear_dest_and_src.scpt"
		defaults write /Users/"$loggedInUser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsDiskBusyScript "/Library/OffShootConfig/AppleScripts/clear_dest_and_src.scpt"
			sleep .5
	
	echo " Setting SFIDefaultsFileCopyCompletedScript to renameMHLAfterCopy.scpt"
		defaults write /Users/"$loggedInUser"/Library/Preferences/nl.syncfactory.Hedge.Mac.plist SFIDefaultsFileCopyCompletedScript "/Library/OffShootConfig/AppleScripts/renameMHLAfterCopy.scpt"
			sleep .5
	
	echo "OffShoot Will Open With All Scripts and Settings Configured"
		open 'offshoot://activate??????'

exit 0
EOF

else
    echo "No user logged in. Can't run as user, so exiting"
    exit 0
fi

if [ -e /private/tmp/script.sh ]; then
    /bin/chmod +x /private/tmp/script.sh
    /bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" "/private/tmp/script.sh"
    sleep 2
    echo "Cleaning up..."
    /bin/rm -f "/private/tmp/script.sh"
else
    echo "Oops! Couldn't find the script to run. Something went wrong!"
    exit 1
fi

 

2 REPLIES

mschlosser
Contributor II
Here is the information that I used to educate myself when I needed to run some things as the currently logged-in user. Check it out; hope that helps.
 
 
Another approach that you could take is to call the script via a launch agent. Since launch agents always run as the user, I'd think it would call the script in that context as well.
 
Assumes that the script has been placed somewhere on the box, i.e. /tmp, and has the execute bit.
 
After the launch agent has run the script you can just remove the launch agent plist and call it done. Obviously fill in the variables as needed.
 
A few thoughts.
 
M
 
#!/bin/bash
 
# launchDaemon and Agent creator
# feed it with;
# launcher type =  Daemon or Agent
# launchItem = path to the app being launched, the full path to the executable
# launcherPlistName = unique bit of the plist name. it will be com.mycorp.{unique bit}.plist
# isScriptIn = is this a script yes or no. defines which plist will be used
#1) $4 launcher type = Daemon or Agent
#2) $5 launchItem = path to the app being launched, the full path to the executable or script
#3) $6 launcherPlistName = unique bit of the plist name. it will be com.mycorp.{unique bit}.plist
#4) $7 isScriptIn = is this a script yes or no. defines which plist type will be used
 
launcherTypeIn="Agent"
launchItem=""
launcherPlistName=""
isScriptIn="yes"
# set input strings to lower to avoid case failure
launcherType=$(echo "$launcherTypeIn" | tr '[:upper:]' '[:lower:]')
isScript=$(echo "$isScriptIn" | tr '[:upper:]' '[:lower:]')
#echo "$launchItem"
 
case "$launcherType" in
 
"daemon" )
#echo "**** Daemon ****"
launchFolder="LaunchDaemons"
;;
 
"agent" )
#echo "**** Agent ****"
launchFolder="LaunchAgents"
;;
 
*)
echo "**** no launcher type selected. Exiting *****"
exit 1
;;
esac
 
case "$isScript"  in
 
"no" )
 
cat << EOF > /Library/${launchFolder}/com.mycorp.${launcherPlistName}.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.mycorp.${launcherPlistName}</string>
    <key>ProgramArguments</key>
    <array>
        <string>${launchItem}</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
 
;;
 
"yes" )
 
cat << EOF > /Library/${launchFolder}/com.mycorp.${launcherPlistName}.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.mycorp.${launcherPlistName}</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/bash</string>
        <string>-c</string>
        <string>${launchItem}</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
 
;;
 
*)
echo "**** no type selected. Exiting *****"
exit 1
;;
esac
 
/usr/sbin/chown root:wheel "/Library/${launchFolder}/com.mycorp.${launcherPlistName}.plist"
/bin/chmod 644 "/Library/${launchFolder}/com.mycorp.${launcherPlistName}.plist"

Tribruin
Valued Contributor II

So, in your first script, the open commands are running as root. You could try and run them as the user. I would reference this article:

https://scriptingosx.com/2020/08/running-a-command-as-another-user/
to create the function that runs the command as the user, so, in your script you could do:

runAsUser open /Applications/Offshoot.app

to run the application in the user context. You could also do the same with the defaults commands to make sure they are running in user context.
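
The run-as-user approach from the reply above, applied to the defaults writes from the question, as an added example that is not code from the thread or the linked article. The function names console_user, run_as_user and configure_offshoot are hypothetical, and addressing the plist by the preference domain nl.syncfactory.Hedge.Mac (its file name without .plist) is an assumption; each command is handed to the console user's session individually, so nothing is staged as a script under /private/tmp.

```shell
#!/bin/bash
# Added example, not code from the thread. Function names are hypothetical.

# Print the short name of the user who owns the console (GUI) session.
console_user() {
    stat -f%Su /dev/console
}

# Run "$@" inside the console user's launchd session with that user's
# identity, instead of as root (which is how Jamf runs policy scripts).
run_as_user() {
    local user uid
    user=$(console_user) || return 1
    case "$user" in
        ""|root|loginwindow|_mbsetupuser)
            # Login window or Setup Assistant: there is no user session to target.
            echo "No user logged in; not running: $*" >&2
            return 1 ;;
    esac
    uid=$(id -u "$user") || return 1
    launchctl asuser "$uid" sudo -u "$user" "$@"
}

# Apply the OffShoot settings from the question in the user's context.
configure_offshoot() {
    # Assumption: the preference domain is the plist file name without ".plist".
    local domain="nl.syncfactory.Hedge.Mac"
    local scripts="/Library/OffShootConfig/AppleScripts"
    run_as_user defaults write "$domain" SFIDefaultsFirstAppStart -string "False" &&
    run_as_user defaults write "$domain" SFIDefaultsUserAcceptsResponsibilityForScripts "True" &&
    run_as_user defaults write "$domain" SFIDefaultsHedgeStartedScript "$scripts/callFilmsAPIOnOpen.scpt" &&
    run_as_user defaults write "$domain" SFIDefaultsDiskBusyScript "$scripts/clear_dest_and_src.scpt" &&
    run_as_user defaults write "$domain" SFIDefaultsFileCopyCompletedScript "$scripts/renameMHLAfterCopy.scpt" &&
    run_as_user open /Applications/OffShoot.app
}

# Only act on a Mac and only when started as root, as a Jamf policy would.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    configure_offshoot
fi
```

Because the writes run as the user, the resulting plist is owned by that user rather than by root, and the function returns non-zero without running anything when the machine is sitting at the login window.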