Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Script Parameters

Each script deployed with Jamf Pro can receive up to eleven parameters. The first three parameters are automatically passed to the script in the order shown below. The remaining eight parameters can be defined when adding the script to a policy or Casper Remote.

Parameter Variables 1–3

Variable Value
$1 Mount point of the target drive
$2 Computer name
$3 Username, specifically:
-If the script is run with a login or logout policy—Username of the account used to log in or out of the computer
-If the script is run from Self Service—Username of the account used to logged in to Self Service

Custom Parameter Labels

The eight definable parameters are displayed as “Parameter 4,” Parameter 5,” Parameter 6,” etc in the policy and Casper Remote interfaces. You can customize those labels to make the interfaces more intuitive.

The following examples show the policy interface without and with custom parameter labels:

Policy without Custom Parameter Labels

Policy with Custom Parameter Labels

Example

Here is an example of using parameters to pass account credentials with a script and a policy:

  1. Add the script to Jamf Pro. See "Adding a Script to the JSS" in the "Managing Scripts" section of the Casper Suite Administrator's Guide.
    The script might look something like this:

  2. (Optional) When adding the script, click the Options tab and enter custom labels for the Parameter fields.

  3. Create a policy to run the script. See "Running Scripts Using a Policy" in the Casper Suite Administrator's Guide. When entering information about the script, a pane with custom Parameter labels might look like this:

Related Information

Encrypted Script Parameters
Shows a workflow that can be used to encrypt script parameters.

Secure Scripts
Explains to how ensure the security of the scripts deployed with Jamf Pro.

Like Comment
Order by:
SOLVED Posted: by joshuasee

Okay, but what does get passed to $3 when not executed in a user context? Then management account? Root? Null?

I'm looking for way for a script to tell if anyone is logged in. Parsing who or finger is doable, but an argument check is easier.

Like
SOLVED Posted: by bentoms

@joshuasee

I use this:

# Get the username of the currently logged in user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`

That shows the consoles owner, I think it returns root when no-one is logged in.

Like
SOLVED Posted: by bryantdresher

Two questions:

  1. Are these casper environment variables provided in the context of running an Extension Attribute?

  2. Does $1 variable refer to the currently booted drive?

Thanks,
Bryant

Like
SOLVED Posted: by spalmer

What does $3 return from Self Service when the "Method to use for logging in to Self Service" is set to "No Login" in the JSS?

Like
SOLVED Posted: by donmontalvo

Should still be the currently logged in user, no?

Like
SOLVED Posted: by spalmer

Maybe, but not necessarily. I think.

I interpreted

it receives the username of the account used to log into Self Service
to literally mean whatever account you use to log in to Self Service. Self Service login is tied to an LDAP account when the "Method to use for logging in to Self Service" option is set to "Require login with an LDAP directory account" or "Allow users to login with an LDAP account or skip login".

I don't think is necessarily the same as the user currently logged in to OS X especially if that user happens to be a local account or an account different than what you would use to log into Self Service.

The reason I ask is because we have a Site Admin on our Casper server that has written a script to accept the user currently logged into Self Service, as per this page, via the $3 parameter passed via Self Service. However, he is not getting the expected results because as I mentioned we have Self Service logins disabled. So if this it would be nice to have an official word on what the intended behavior and if this falls into their generic scenario of

Any other method of execution will fail to pass the correct user information.

Like
SOLVED Posted: by hzimmerman

It also looks like the $3 variable is only passed when you are running a script called from a policy. Executing a command from within Files and Processes does not use the variable. In addition, the Execute Command in Advanced in Casper Remote does not use the variable either.

Like
SOLVED Posted: by bentoms

@hzimmerman, AFAIK $3 only works when run via a policy at login or via self service.

Like
SOLVED Posted: by jjohnson-okta

The fact that "username" is not clearly defined in this case has held me up for several hours today. Additionally, re-using a field for different reasons is very un-clean and annoying.

Thank you to @bentoms for the one-liner to get who is logged in.

Like
SOLVED Posted: by krispayne

Where are the example scripts now? I downloaded the Casper Suite dmg and the resources folder is now just a bunch of PDF's. Did I get the wrong dmg?

Like
SOLVED Posted: by krispayne

Downloaded a 8.73 DMG. Found them in there. @erin.miska

Like
SOLVED Posted: by nchan

Does anyone know how to bypass this Casper variables for scripting? In one of my scripts, I need to use the awk print statement, but when the script runs, it's changing the $1/$2/$3 variable.

For example:
| awk '{ print $2 }')

becomes:
| awk '{ print [ComputerName] }')

Like
SOLVED Posted: by jcompton

I use awk all the time in Casper Scripts - I've never seen that happen. Can you post the entire line?

Like
SOLVED Posted: by nchan

@jcompton

Thanks for your response. The whole line is:
DISK=$("$pgp" --status | grep "instrumented" | awk '{ print $2 }')

When that get executed, it's actually trying to run:
DISK=$("$pgp" --status | grep "instrumented" | awk '{ print ComputerName }')

I also tried to echo the script to the local client and have it run locally, but when it gets written, it also changes to 'print ComputerName'

Likewise, for when I use $3, it prints out the username instead of the third word.

Like
SOLVED Posted: by jcompton

So all Casper is doing is passing arguments to your script.

You should be able to emulate this and refine locally.

Here's an elementary example

Make a script out of these lines, call it "testScript.sh" and save locally

#!/bin/bash
echo "First Argument is $1"
echo "Second Argument is $2"
echo "Third Argument is $3"

stringToAwk="Civil War"

echo "The result of our awk is $(echo $stringToAwk | awk '{print $2}')"

Then run

./testScript.sh  Ironman Captain Hawkeye

Output should be:

First Argument is Ironman
Second Argument is Captain
Third Argument is Hawkeye
The result of our awk is War

Like
SOLVED Posted: by krispayne

There is a length limit to the parameter fields. Not sure what it is, but it's not long enough to hold an ssh public key.

Like
SOLVED Posted: by donmontalvo

This is a great feature, but I really wish Jamf Pro could/would support SHA2 (or better) hashed passwords. In any case very useful, even if tied to the product (script isn't portable). Kudos to Jamf for the solution!

Like
SOLVED Posted: by donmontalvo

(duplicate; server side issue; feel free to delete)

Like
SOLVED Posted: by donmontalvo

(duplicate; server side issue; feel free to delete)

Like
SOLVED Posted: by devlinford

Hey everyone...

Is it possible to included multiple usernames in one of the $4-$6 fields?

For example, I want something to run against userA and userB. Can I input in $4:

userA,UserB

OR

userA, UserB

Something like this? If so, what is the best practice? Hoping to get the script to pass in both of these usernames.

Thanks,

Dev

Like
SOLVED Posted: by PeterClarke

If you wanted to put: userA, userB into one parameter, then you would need to quote it like this:
"userA, userB" as otherwise only the first item userA would be picked up..

If you did pass a compound item like that though - then your script would need to parse it.

The other simpler alternative - if you only had say two users to handle, would be to use separate parameters for them as in $4 and $5
It all depends on what you are trying to do.. as to whether this is the right approach or not.

Like
SOLVED Posted: by kneitzel

Another possibility with entering multiple values separated by a delimiter is to simply split these up inside the script.

So you could create a simple loop to get all users while splitting up the value of the variable.

A simple bash script which is doing this:

#!/binbash
# Split up user
IN="user1,user2"

users=$(echo $IN | tr "," "\n")

for user in $users
do
    echo "> [$user]"
done

So this script gets the user in $user and prints out a > sign + the user in [ ].

I hope this helped, too.

Like
SOLVED Posted: by devlinford

@PeterClarke & @kneitzel,

Thanks for the quick responses....I think that Peter's latter suggestion will work best in my scenario as I only have two user accounts to worry about!

I'm gonna give this a shot!

Thanks,

Like
SOLVED Posted: by devlinford

...Just a folllow up @PeterClarke , your suggestion worked great for my needs!

Thanks again,

Like