Temporarily Elevate Users to Admin

Shane
New Contributor III

Hi everyone
I need your help, the answers on JAMF Nation to similar issues are not working. I have an application that I need to update called Tunnelblick (an open source VPN app). Once you update the app, it requires admin privileges on first launch to change system settings. I am trying to elevate my users to admin temporaily using the dseditgroup -o edit -a $loggedInUser -t user admin I have tried this as a shell script and run command from the advanced tab when creating a policy. I have also tried $CurrentUser in the syntax and tried using quotes. I am just not that good with shell scripts. My predicament is the fact that all my users are local to each machine with different names, and no directory services. What am I doing wrong with the script? It works if I input a single users name into the syntax but I need it to work for the current user on 110+ systems.
This is such an emergency because of the Heart Bleed ssl vulnerability. Once I get this to work. I can push the app to theirs systems and give them 5 minutes to launch the app for the first time before invoking a restart which would trigger another policy on reboot to remove admin privileges.
All systems are running 10.8.5
Thank you all in advance for your help

2 REPLIES 2

jdziat
Contributor

Hi you may want to check out this article https://jamfnation.jamfsoftware.com/discussion.html?id=1296

As they recommend in that article

CurrentUser=ls -l /dev/console | cut -d " " -f 4 and then refer to it with $CurrentUser