Posted on 10-24-2018 01:34 PM
Hi everyone,
I'm a bit of a beginner when it comes to scripts, and I'm running into this problem. I have to script in JSS, and when I assigned it to a policy and run "sudo jamf policy" it runs no problem. However, when it deploys at check-in I get an error code return of 1, and the policy fails. The application that uses this command is installed onto the computer.
sudo sentinelctl set registration-token /Volumes/*/com.sentinelone.registration-token
Any help would be greatly appreciated. I'm assuming I'm missing how JAMF handles scripts on the root level.
Posted on 10-24-2018 02:10 PM
First off, when a script or command is run through a policy, it is run as root, so there is no need to include sudo in the command. Second, when you run "sudo jamf policy" it is checking in with the JSS and triggering the policy as if it were triggering it as a normal check-in. Are you running this command as a script payload or as a command payload?
Posted on 10-24-2018 02:13 PM
I have the script in a policy that runs at check-in. If I force the check-in, the policy runs no problem. If I let it check-in normally, the policy fails.
Posted on 10-24-2018 04:12 PM
My guess is the command you're running requires user context, when you invoke it manually it runs with some reference to the user. When it runs on check-in it's a pure background task with no context.
Get the current user and try something like
sudo -u $Current_User sentinelctl set registration-token /Volumes/*/com.sentinelone.registration-token
You might want to wrap an if around it to make sure it only runs when there is a current user.
Posted on 10-25-2018 07:25 AM
Sadly, still no luck with that command.
Posted on 10-25-2018 04:56 PM
Sorry, it was just a snippet. I should have clarified you need to get the user first and then run it as the user. Something like:
Current_User=$(last -1 console | awk '/still logged in/ {print $1}')
However, looking at what Sentinel One is, I'm quite surprised it needs this... Looks like some kind of security software, if it needs to be run as the user, then it probably needs it for every user?
Posted on 10-29-2018 12:11 PM
Thanks everyone! I figured it out by doing this:
sudo /usr/local/bin/sentinelctl set registration-token /Volumes/*/com.sentinelone.registration-token
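The accepted fix calls sentinelctl by absolute path, so it no longer depends on the PATH of the process that runs the policy. The script below is an added example, not code from the thread or from SentinelOne: it keeps that command but checks the binary and resolves the /Volumes/* glob to exactly one token file first, so a failed check-in logs why it returned 1. The SENTINELCTL and VOLUMES_ROOT overrides and the use of Jamf parameter 4 as a run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Policy scripts already run as root,
# as noted in the replies above, so sudo is omitted.
# Defaults come from the accepted command; the overrides are assumptions.
SENTINELCTL="${SENTINELCTL:-/usr/local/bin/sentinelctl}"
VOLUMES_ROOT="${VOLUMES_ROOT:-/Volumes}"
TOKEN_NAME="com.sentinelone.registration-token"

# Print the one token file found under <root>/*/ ; fail on zero or several.
find_token_file() {
    root="$1"
    found=""
    count=0
    for candidate in "$root"/*/"$TOKEN_NAME"; do
        [ -f "$candidate" ] || continue   # an unmatched glob stays literal
        found="$candidate"
        count=$((count + 1))
    done
    if [ "$count" -ne 1 ]; then
        echo "expected one $TOKEN_NAME under $root, found $count" >&2
        return 1
    fi
    printf '%s\n' "$found"
}

# Run the command from the thread with an absolute binary path and one
# resolved token path instead of an unexpanded or ambiguous glob.
register_agent() {
    if [ ! -x "$SENTINELCTL" ]; then
        echo "sentinelctl is not executable at $SENTINELCTL" >&2
        return 1
    fi
    token_file=$(find_token_file "$VOLUMES_ROOT") || return 1
    "$SENTINELCTL" set registration-token "$token_file"
}

# Jamf fills $1-$3 itself. Setting parameter 4 to "register" in the policy
# (an assumption of this example) starts the run; without it the file only
# defines the functions, so they can be sourced and tested.
if [ "${4:-}" = "register" ]; then
    register_agent
fi
```

The script's exit status is that of register_agent, so the policy still fails on error, and the stderr message is what appears in the policy log.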
Posted on 10-29-2018 01:09 PM
test