Jamf Nation Community

MD56 · ‎07-10-2013

Hi All,

Very new to OSX command line so I apologize if these are bush league questions.

So I have a single line sudo command that I need to deploy to our 500+ OSX systems. The command is to add additional DNS search domains to the network config of each system. I understand how to do this via terminal cmd, but i'm having problems turing it into a deployable script. Would appreciate some advice.

Here is the cmd

sudo networksetup -setsearchdomains Wi-Fi legacydomain.com secondlegacydomain.com additionaldomain.org evenmoresearchdomain.net

mm2270 · ‎07-10-2013

Shell scripts need to start with a "shebang"( #! ) and the path to the shell, which tells the script which shell to use when running the commands. For a basic shell script, sh (Bourne Shell) or bash (Bourne Again Shell) are fine, though there are subtle differences between the two. Bash is the default shell in OS X.
There are lots of others, like ksh, zsh, etc, but I don't recommend using any of those unless you know what how those shells work.

The rest of the command will be the same as your one-liner with the exception that you can remove the sudo. Generally speaking you don't put 'sudo' into a script unless there is a specific reason to do it. (There are some exceptions) The shell script itself can be called to run with root privileges at the time of execution. If its run from a Casper Suite policy or via Imaging, etc it will be done as root, so no need for sudo.

#!/bin/sh

networksetup -setsearchdomains Wi-Fi legacydomain.com secondlegacydomain.com additionaldomain.org evenmoresearchdomain.net

exit

Its usually good practice to include an exit in your scripts. I'm not certain it makes any real difference in your script, but I'd put it in anyway. Outside of that, you should consider putting some error checking into scripts you write as you get more familiar with it. In your above script, if something doesn't work it will be hard to know it didn't work and why it failed. One simple way to check if the command ran successfully is to get to the exit status of the last run command. You can use a special variable for that, $?. If a command exits with status 0, it worked, any other number and it didn't work. That's a generalization, but mostly true.
So, you can do something like this-

if [ $? == 0 ]; then
     echo "Success"
else
     echo "Failure"
fi

nkalister · ‎07-10-2013

since it's a one line command, you don't even need to make it into a script- you could just create a policy that has your command in the the 'run command' field- that's on the advanced tab of your policy edit screen.
Again, like mm2270 said, Casper runs all scripts and unix commands as root by default, so you'd want to remove the sudo.

MD56 · ‎07-10-2013

mm2270, thank you for your input.

When I paste that into a text file, change to .sh and import into casper, I get the follow error.

Script Result: /private/tmp/thisisgoingtowork.sh: line 1: {rtf1ansiansicpg1252cocoartf1038cocoasubrtf360: command not found /private/tmp/thisisgoingtowork.sh: line 2: syntax error near unexpected token `}' /private/tmp/thisisgoingtowork.sh: line 2: `{fonttblf0fmodernfcharset0 Courier;}' Submitting log to https://qsusmac02.americas.quiksilver.corp:8443//... Finished

I aslo converted the script to a .command and got the same error. Any suggestions?

When I run the sudo from terminal (and enter my PW) it runs perfectly.

Thank you

mm2270 · ‎07-10-2013

The errors you posted most likely mean the script wasn't saved in plain text format. I see references to rtf which is definitely not going to work. Any type of formatting embedded in a script file fouls it up because the shell can see it and gets confused.
You can use TexEdit for this, but you need to make sure when you make a new file you convert it to plain text before pasting and saving. Its under the Format menu.
Also make sure the file only has the .sh extension in the filename. Sometimes TextEdit tries to add other extensions, like .txt when saving

Finally, get yourself a good text editor. As I said, TextEdit can be used, but other text editors are much better suited to writing scripts because they color code syntax, which makes it easier to spot issue as you write them, among other things. There are good free ones out there, I use TextWrangler (free), which you can get off the Mac App Store. TextWrangler has the ability to run your scripts right in the app without needing to use Terminal, but can also send them to the Terminal as well, so you can test them before ever uploading anything or jumping into another program.

Edit: One last thing. nkalister is correct that for a one liner you could consider putting this right into the Run Command field. The only issue with the Run Command is that, depending on what you're trying to do, it can be harder to get output back in the policy logs when they run. Sometimes its not an issue. Other times it may be. Your call really.

krichterjr · ‎07-11-2013

Thanks for taking the time to post this info. I learn something everyday from y'all.

MD56 · ‎07-11-2013

Thank you very much for the replies, JN has been my one stop shop for all things Mac backend!

stevenjklein · ‎12-13-2016

@nkalister : I realize I'm replying to a 3+ year old post, but I have a question about this:

you don't even need to make it into a script- you could just create a policy that has your command in the the 'run command' field- that's on the advanced tab of your policy edit screen.

I have a single-line command that I was going to deploy as a shell script, until I saw what you wrote.

Problem is, I can't find the "run command" anywhere. Is it gone? Moved?

SJK (~~Casper~~ JAMF newbie)

Brad_G · ‎12-13-2016

In your policy choose "Files and Processes" in the left pane. Put your command in the "Execute Command" field and you're set.

ChickenDenders · ‎12-13-2016

@stevenjklein

millersc · ‎12-13-2016

@nkalister In the latest JAMF versions is under the Options Tab -> Files and Processes -> Execute Command, after you start/edit a Policy.

stevenjklein · ‎12-14-2016

@Brad_G, @ChickenDenders, and @millersc: Thank you all. Great screenshot, ChickenDenders!

stevenjklein · ‎12-14-2016

@Brad_G, @ChickenDenders, and @millersc: Thank you all. Great screenshot, ChickenDenders!

I created a policy to uninstall Sophos (which can be done with a single command), and tested it, and it worked exactly as desired.

Next up for me: Create & test a Policy to install McAfee. Then combine the two, test, and push to all my users.

pcrandom · ‎12-14-2016

@stevenjklein Wish you the best of luck in the McAfee install. The AV client is relatively straightforward, but the ePO (if you're using it) is a bit messy, since it's a server-generated install.sh script that you have to install.

Jamf Nation Community

turing a single Sudo cmd into a shell script