scripting help for a JSS newbie

blackholemac
Valued Contributor III

I will repost this upon further thought.


jamie_ivanov
New Contributor

Use sudo instead of su $3 and make sure /etc/sudoers is set up correctly.

What results are you getting and what are expected?

J.I.

nessts
Valued Contributor II

If you put the script in as a launch agent it will run as the user at login; no need to su or sudo -u.

jamie_ivanov
New Contributor

The OP's post was:

> I have two scripts that absolutely MUST be run at login; however I cannot seem to get the script syntax to work right in the Casper JSS world. My Integrator taught me the "$3" trick. Am I implementing these properly??
>
> #!/bin/bash
> su $3 defaults write /Users/$3/Library/Preferences/com.microsoft.office "14FirstRunSetupComplete" -int 1
> su $3 defaults write /Users/$3/Library/Preferences/com.microsoft.office "14UserInfoUserOrganization" -string "Lafayette School Corporation"
> su $3 defaults write /Users/$3/Library/Preferences/com.microsoft.office "14UserInfoUserInitials" -string "dscl . -read /Users/$3 RealName | grep -v RealName | sed 's/^[ ]//' | sed 's/([^[:space:]])[^[:space:]][[:space:]]/1/g'"
> su $3 defaults write /Users/$3/Library/Preferences/com.microsoft.office "14UserInfoUserName" -string "dscl . -read /Users/$3 RealName | grep -v RealName | sed 's/^[ ]//'"
> exit 0
>
> and the more simple
>
> #!/bin/sh
> chown -R -f $3 /Applications/DAZ 3D
> chmod -R -f 775 /Applications/DAZ 3D
> exit 0
>
> The one for DAZ 3D is because I have one pesky app that wants the user to have full writes to the entire Application folder for that product.

Mr. Ness, you are correct that the first script does not require sudo.

Mr. Martin, you should be able to do:

defaults write /Users/$USER/Library/Preferences/com.microsoft.office "14FirstRunSetupComplete" -int 1

If that doesn't work, an alternative would be:

defaults write /Users/`echo $USER`/Library/Preferences/com.microsoft.office "14FirstRunSetupComplete" -int 1

As far as the second script, it would make more sense to create a group with R/W/X permissions to "/Applications/DAZ 3D" and add each user to said group. The owner wouldn't matter as long as the group permissions remain intact and you could lock them in-place with an ACL schg or schange. You could even set an ACL locking in a specific group. But keep in mind the permissions could be altered if a permissions fix were issued to the system.

Otherwise you would need to:

sudo chown -R -f "$USER" "/Applications/DAZ 3D"
sudo chmod -R -f 775 "/Applications/DAZ 3D"

If the script is being launched by a normal user, but to alleviate the need to enter in a password for sudo, you would need to make modifications to /etc/sudoers. The previous mention of creating a specific group and setting the group to the directory plus making sure the permissions are R/W/X.

J.I.

nessts
Valued Contributor II

If it's running out of a launch agent,

defaults write com.microsoft.office "14FirstRunSetupComplete" -int 1

should work. There is also this file, com.microsoft.office.setupassistant.plist, that may need to be created to prevent it from running.

For the app, I might add the user to a group you create, like DAZ,
then do sudo chgrp -R DAZ "/Applications/DAZ 3D"
sudo chmod g+wX "/Applications/DAZ 3D"

That way you are not making every file executable when most of them probably do not need to be.

sean
Valued Contributor

If you want to use su, then I think you'll need to run with the '-c' option.

su $3 -c "defaults write /Users/$3/Library/Preferences/com.microsoft.office "14FirstRunSetupComplete" -int 1"

You could run:

defaults write /Users/$USER/Library/Preferences/com.microsoft.office "14FirstRunSetupComplete" -int 1

but that will change the ownership of the file to root.

The first 2 lines you have posted are fixed, so you could have a template file and then just add the next 2 lines. I agree with the 'make a launch agent' to handle this though, as this will be run as the user!

The second script should be unnecessary. Change the permissions in Composer to 775, change the group to staff (for example).

jamie_ivanov
New Contributor
> You could run:
> defaults write /Users/$USER/Library/Preferences/com.microsoft.office "14FirstRunSetupComplete" -int 1
> but that will change the ownership of the file to root.

Mr. Holden, only if the file doesn't previously exist AND if run as root. The presumption based on the OP's text is that it will be run from a normal user account. That would make that statement invalid.

J.I.

sean
Valued Contributor

Disagree. If the file already exists, but you run the command as root (which will happen if run as a login script as suggested by the original post) the file will then belong to root. If it wasn't being run as root, then they wouldn't bother with su or sudo!

-c informs that you are running the following command as the user and quotes are required (have you read the man page?) if the command consists of more than one word!

The use of double quotes will not break the command, but instead will ensure that the $USER variable is expanded correctly.

I'd suggest trying these yourself! For example try this as root:

myUser=[username]; su $myUser -c "defaults write /Users/$myUser/Library/Preferences/com.mytest hello test"

Check file ownership, then try

myUser=[username]; defaults write /Users/$myUser/Library/Preferences/com.mytest hello test2

now check ownership.

jamie_ivanov
New Contributor
> If the file already exists, but you run the command as root (which will happen if run as a login script as suggested by the original post) the file will then belong to root.

If it is a login script, it will be run as the user being logged in. If the file exists and is modified by calling sudo, the permissions will remain intact

[jamie@blackbox ~]$ touch test
[jamie@blackbox ~]$ ls -l test
-rw-r--r--  1 jamie  jamie  0 Jun 28 09:47 test
[jamie@blackbox ~]$ su
Password:
root@blackbox:/home/jamie # nano test
root@blackbox:/home/jamie # exit
exit
[jamie@blackbox ~]$ ls -l test
-rw-r--r--  1 jamie  jamie  6 Jun 28 09:47 test

If the file is not modified (overwritten) or does not exist, it will take on the user/group of the document creator..

R0190381:~ jamieivanov$ defaults write /Users/$USER/Library/Preferences/com.mytest hello test
R0190381:~ jamieivanov$ sudo bash
bash-3.2# defaults write /Users/jamieivanov/Library/Preferences/com.mytest hello test
bash-3.2# exit
exit
R0190381:~ jamieivanov$ ls -l /Users/jamieivanov/Library/Preferences/com.mytest.plist
-rw-------  1 root  admin  57 Jun 28 09:56 /Users/jamieivanov/Library/Preferences/com.mytest.plist

But the presumption being that the script will be a login script, there will be no need to su/sudo when setting current user preferences, as stated previously.

J.I.

talkingmoose
Moderator

The original question is missing on the JAMF Nation site. Not sure if the OP still wants input on his script or something else.

I see that the first script was written to manage Office 2011 preferences. I suggest simplifying this by using JAMF's support for MCX rather than using a script. MCX is centralized on the JSS whereas a script must be pushed to each Mac and run for each user (current and future).

I use these MCX settings to disable Office first run, hide welcome windows and hide the document galleries. I see no reason for the Office apps splash screens to display each individual user's name.

http://www.officeformachelp.com/office/administration/mcx/

The second goal to change the application permissions may be more easily accomplished by setting the entire folder permissions to 777. I doubt the application actually needs the owner to be the user.

sean
Valued Contributor

I guess that the original post works for someone that wants a tailored splash screen, otherwise as we've both said, create a template/use MCX.

For Jamie's info:

If you create a policy for a login script, this script is run as root, not as user. However, if you have the script run as a login item, then this will run as user.

If root ever writes to a file, already created or otherwise, root will become the owner.

If the OP was made as a LaunchAgent, then the script will run as user.

As mentioned, OP was removed, so I'm sure he is happy.

jamie_ivanov
New Contributor
> If you create a policy for a login script, this script is run as root, not as user.

Fair enough. I'm thinking in terms of setting a login script on the local machine itself.

> If root ever writes to a file, already created or otherwise, root will become the owner.

Incorrect, which I have previously shown.

J.I.

sean
Valued Contributor

Except you proved yourself to be wrong. Your own test shows that the default command has set the ownership to root as it will always do when run as root without substituting user identity.

R0190381:~ jamieivanov$ ls -l /Users/jamieivanov/Library/Preferences/com.mytest.plist
-rw-------  1 root  admin  57 Jun 28 09:56 /Users/jamieivanov/Library/Preferences/com.mytest.plist

I've noticed I'd made a mistake when I posted the command with double quotes (I forgot to remove the inner double quotes)

Should have read:

su $3 -c "defaults write /Users/$3/Library/Preferences/com.microsoft.office 14FirstRunSetupComplete -int 1"

and this was too open

"If root ever writes to a file, already created or otherwise, root will become the owner."

I was assuming we were talking about the defaults command, should have specified that!!!!

jamie_ivanov
New Contributor
> Except you proved yourself to be wrong. Your own test shows that the default command has set the ownership to root as it will always do when run as root without substituting user identity.
> R0190381:~ jamieivanov$ ls -l /Users/jamieivanov/Library/Preferences/com.mytest.plist
> -rw------- 1 root admin 57 Jun 28 09:56 /Users/jamieivanov/Library/Preferences/com.mytest.plist

I did not prove myself wrong, as I stated:

> If it is a login script, it will be run as the user being logged in. If the file exists and is modified by calling sudo, the permissions will remain intact
> [jamie@blackbox ~]$ touch test
> [jamie@blackbox ~]$ ls -l test
> -rw-r--r-- 1 jamie jamie 0 Jun 28 09:47 test
> [jamie@blackbox ~]$ su
> Password:
> root@blackbox:/home/jamie # nano test
> root@blackbox:/home/jamie # exit
> exit
> [jamie@blackbox ~]$ ls -l test
> -rw-r--r-- 1 jamie jamie 6 Jun 28 09:47 test

The document was created as the user and edited as root. The document retains the permissions. I continued to show:

> If the file is not modified (overwritten) or does not exist, it will take on the user/group of the document creator..
> R0190381:~ jamieivanov$ defaults write /Users/$USER/Library/Preferences/com.mytest hello test
> R0190381:~ jamieivanov$ sudo bash
> bash-3.2# defaults write /Users/jamieivanov/Library/Preferences/com.mytest hello test
> bash-3.2# exit
> exit
> R0190381:~ jamieivanov$ ls -l /Users/jamieivanov/Library/Preferences/com.mytest.plist
> -rw------- 1 root admin 57 Jun 28 09:56 /Users/jamieivanov/Library/Preferences/com.mytest.plist

Again, proving what I said was evident. Using the 'defaults' command will generate a new file, not edit/amend the existing one. Thus my statement is true. Both statements are true.

> I was assuming we were talking about the defaults command, should have specified that!!!!

Look at my examples and please read what I say more carefully. I was very clear.

Now, Mr. Holden, if we can quit hosing down the forum with testosterone, I believe we've made our points and suggestions.

J.I.
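
Added example, not from any poster in this thread: the two terminal sessions above differ because an in-place edit keeps the file's inode (and so its owner), while a write that builds a new file and renames it over the old one, which is the behaviour the thread describes for `defaults write`, produces a new inode owned by whoever ran the command. The function names and the sample file are constructed for illustration; the script needs no root and does not call `defaults`.

```shell
#!/bin/sh
# Constructed demo: in-place edit versus replace-by-rename, compared by inode.
# Ownership lives in the inode, so a new inode means the writer's ownership.

inode_of() { ls -i "$1" | awk '{print $1}'; }
owner_of() { ls -ln "$1" | awk '{print $3}'; }   # numeric uid of the owner

# In-place edit (what an editor such as nano does): append to the existing
# file. Same inode, so owner and mode are untouched, even when root writes.
write_in_place() { printf '%s\n' "$2" >> "$1"; }

# Replace: build a new file beside the target, then rename it over the
# target. The new inode belongs to the writing process; the previous owner
# is lost unless the writer restores it afterwards.
write_by_replace() {
    tmp="$1.tmp.$$"
    printf '%s\n' "$2" > "$tmp" && mv -f "$tmp" "$1"
}

# Prints "same" if the writer kept the inode, "replaced" if it did not.
compare_write() {   # usage: compare_write <writer-function>
    dir=$(mktemp -d) || return 1
    f="$dir/com.example.test.plist"      # constructed sample file
    printf 'original\n' > "$f"
    before=$(inode_of "$f")
    "$1" "$f" "changed"
    after=$(inode_of "$f")
    rm -rf "$dir"
    [ "$before" = "$after" ] && echo same || echo replaced
}

# Post-write check a root-run login script can use: succeeds only if the
# file is owned by the expected numeric uid.
owned_by() { [ "$(owner_of "$1")" = "$2" ]; }   # usage: owned_by <file> <uid>

if [ "${1:-}" = "demo" ]; then
    echo "in place:   $(compare_write write_in_place)"
    echo "by replace: $(compare_write write_by_replace)"
fi
```

Run it with the argument `demo` to print both results. In a root-run login script, `owned_by "$plist" "$(id -u "$3")"` after the write catches a preference file that has ended up owned by root.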