Skip to main content
Question

Sudo Jamf policy -event .... Not Accecpting local admin creds?

  • September 9, 2021
  • 3 replies
  • 57 views
G
Forum|alt.badge.img+2

Trying to run command to apply a policy with a customer trigger. The logged in user is NOT a local admin. The command prompts for admin password, but is not accepting the local admin credentials. However, when I sign into the local admin account and run the command, it doesn't have any problem with it.

 

I'm attempting to use a custom trigger to apply a "Make Me Admin" script to give a local non-admin user temporary admin rights. The policy must be run while logged into the end user account as the associate script elevates the current logged in user. The custom trigger is thought to be provided to our contracted service desk who does not have access to our Jamf Cloud instance or the local admin password for the device. The idea being if they needed to provide administrative credentials via remote support session, they could run this command to elevate the local user and assist them on the spot.

 

How can I make it so the local admin password is accepted on a terminal command being run with a non-sudo user logged into the device?

    3 replies

    boberito
    Forum|alt.badge.img+22
    • boberito
    • Jamf Heroes
    • September 9, 2021

    You can't within that session without a step . But can run

    su [USERNAME] or login [USERNAME]

    Switch to whatever user, then

    sudo jamf policy -event xyz

    Then 

    exit

      DWilliams-cmsd
      Forum|alt.badge.img+3
      • DWilliams-cmsd
      • New Contributor
      • September 10, 2021

      Agree with @boberito!  I regularly use the handy "su" command to switch user when a standard user is logged in and I need to "sudo" a command.  Alternatively, I provide script policies in Self Service that users can run at will for high frequency items.  That eliminates the need for a terminal command and/or switching users.

        mm2270
        Forum|alt.badge.img+24
        • mm2270
        • Legendary Contributor
        • September 13, 2021

         

        For what you're attempting to do with the MakeMeAdmin script, you should just put that into Self Service I would think. That's one of the primary reasons Self Service exists - to allow non admins to run curated admin level installs/scripts/functions without actually needing to be an admin.

        If you need to restrict the Self Service policy to only people in your contracted service desk, then if your Jamf server is connected to AD or another directory service, you may be able to set up optional Self Service login so they can log in to the app first, then have it appear for them.

          Terms & ConditionsCookie settingsAccessibility statement