
run script as logged in user, not as root

Having a black out and can't locate the info on this… I know it's been a topic on here, so hopefully someone can snap me back to life.
The goal is to send a script or simple command to be executed as the currently logged in user – not as root.

Anyone have the answer handy?

Nick Caro Senior Desktop Support Administrator

Phone +1 212-839-1587 Fax 212-946-4010 nick.caro at rga.com

R/GA 350 West 39th Street New York, NY 10018
www.rga.com www.twitter.com/rga www.facebook.com/rga

The Agency for the Digital Age™

SOLVED Posted: by jarednichols

Get the owner of /dev/console and sudo -U of that user.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

SOLVED Posted: by Account Deleted

Not sure what exactly you're trying to accomplish, but

`who | grep "console" | cut -d" " -f1`

Will get you the shortname of the currently logged in user.

Bob

SOLVED Posted: by Account Deleted

I want to launch a widget as the current logged in user

Nick Caro Senior Desktop Support Administrator

SOLVED Posted: by tlarkin

If you are running it as a log in policy I believe $3 will return the
current user. If you are using the built in apple tools from the login
window to run a script at log in, $1 will return the current user. If
you are deploying something as a user agent in ~/Library/LaunchAgents
$USER will return the currently logged in user. If you are triggering a
policy via self service in a user session detecting ownership of
/dev/console will give you the current user.

SOLVED Posted: by tlarkin

You may want to make this a user agent then, or look at sudo -u
$currentuser open -a /path/to/widget where $currentuser would be a
command to grab the currently logged in user.

Alternatively you can package up all widgets and put them in
/Library/Widgets and any user can launch them from the dashboard.

SOLVED Posted: by Account Deleted

Thank you!

Nick Caro Senior Desktop Support Administrator

SOLVED Posted: by bentoms

Depending on what you're trying to achieve you could run a launch agent, that calls a script.

I've an AppleScript app that mounts drives & printers depending on ad group membership. This app is launched from a launchagent @ login.

Regards,

Ben.

SOLVED Posted: by talkingmoose
On 6/2/11 10:14 AM, "Nick Caro" <Nick.Caro at rga.com> wrote: Having a black out and can't locate the info on this… I know it's been a topic on here, so hopefully someone can snap me back to life. The goal is to send a script or simple command to be executed as the currently logged in user – not as root. Anyone have the answer handy?

A launchd item placed in /Library/LaunchAgents will execute commands under
the current user. You can use it to call a more complex script that you've
stored somewhere.

Lingon is great for creating launchd items effortlessly.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

SOLVED Posted: by youngmk

I just want to say thanks for the information. I know there are several ways to get the user variable, but the one I used was /usr/bin/logname
I found that in one of the threads on this subject. I'm posting my script below in case someone finds it helpful. I used this script to make a self service item to launch a script that pulls Kerberos name/password to mount a drive.

```bash
#!/bin/bash

### Variables
user=$(/usr/bin/logname)

### comment out to see values in Terminal
##echo "${user}"

### Functions

su "${user}" /Library/Scripts/mount_at_login.sh
```

SOLVED Posted: by tkimpton

This is what I use for things like resetting Photoshop, Font Explorer to backing up Firefox bookmarks etc. in Self Service

```bash
consoleuser=$(ls -l /dev/console | cut -d " " -f4)

su - "${consoleuser}" -c 'command to run'
```

SOLVED Posted: by mm2270

'/usr/bin/logname' sounds good, but it doesn't work when done through Casper Remote, and possibly some other methods, such as non Self Service policies. I just tried it quickly through Casper Remote and I got our Casper Suite service account returned as the result in every single case. I'd be careful where you use that.

SOLVED Posted: by tkimpton

Mine works 100%

SOLVED Posted: by jacob_salmela

Maybe not the best, but it's short and it works.

```bash
#!/bin/bash
# variable for storing the current user's name
currentuser=`stat -f "%Su" /dev/console`

# substituting as user stored in variable to modify plist
su "$currentuser" -c "<command to run>"
```

SOLVED Posted: by bentoms

Hi Tim,

Just a note to say I tried what you mentioned @ 7/18/12 at 1:00 PM & it's worked for me too!

SOLVED Posted: by tkimpton

sweet :)

SOLVED Posted: by ToriAnneke

Hey all,

Is there a way to run an entire script as the logged in user, as opposed to a command?

I'm trying to run the script as a Policy; Once per Day frequency, Recurring Check-In trigger. But it errors cause I guess the policy is running the script as Root so it fails like it should. Even from Remote it errors correctly.

If I call the policy from the client machine using a custom trigger within Terminal, it executes correctly.

The script lives in the JSS and not on the client machine. I know I can put the script locally and let it run with launchd but we are trying to use the JSS with its log reporting to find out if any failed, completed, etc..

```bash
#!/bin/bash

# Define variables
consoleUser=$(ls -l /dev/console | cut -d " " -f4)
SOURCE_Folder="/Users/$consoleUser"
localMOUNT=/Users/Shared/homeBakSource
userShortNames=($(ls -1 /Users))
theFileServer=//my.server.company.com/Home%20Folders

#############################################################
################# Primary Sanity Checks #####################
#############################################################

### Check to see if a user is logged in.
### define an array of all items listed in the /Users folder
# for each user in the array, look for one that is a local account
# and also owns the console
loggedIn=false
for user in "${userShortNames[@]}"
    do
    if /usr/bin/dscl . -list /Users | grep -qx "$user";    then
        if [ "$consoleUser" == "$user" ];   then
            loggedIn=true
            break
        fi
    fi
    done

# Decide only after every entry has been checked
if [ "$loggedIn" = true ];  then
    echo "We got a logged in user!! Let's continue."
else
    echo "No one logged in. Aborting!"
    exit 1
fi

### Check to see if the CLT are installed, if not exit.
if [ ! -d /Library/Developer/CommandLineTools ];    then
    echo "No Command Line Tools. Need to install. Aborting"
    exit 1
fi

### Check to see if rsync is installed where it should be
### We use the compiled version of rsync version 3.10 and
### not the Apple default which is 2.6.9 which is no longer
### supported.
if [ ! -f /usr/local/bin/rsync ];       then
    echo "The correct version of rsync is not installed. Aborting!"
    exit 1
fi

### Check to see if the source folder exists. It should but it's wise to make
### a sanity check regardless.
if [ ! -d "$SOURCE_Folder" ];     then
    echo "Source home folder not available. Aborting"
    exit 1
fi

### Check to see if the folder for the mount point exists, if not lets make it.
if [ ! -d "$localMOUNT" ];    then
    mkdir "$localMOUNT"
fi

#############################################################
################ /Primary Sanity Checks #####################
#############################################################

#############################################################
############### Secondary Sanity Checks #####################
#############################################################

### We need a sanity check to make sure the mount point is available
if [ ! -d "$localMOUNT" ];    then
    echo "Could not find local mount point. Aborting."
    exit 1
else
    ### Let's mount the destination
    mount -t smbfs "$theFileServer/$consoleUser" "$localMOUNT"
fi

#############################################################
############## /Secondary Sanity Checks #####################
#############################################################


### Execute the sync
/usr/local/bin/rsync -aNHxv --progress --delete "$SOURCE_Folder" "$localMOUNT"

sleep 2

### Remove the mount point only after a successful unmount. rmdir refuses a
### non-empty directory, so a failed umount cannot delete files on the share.
umount "$localMOUNT" && rmdir "$localMOUNT"
```

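One way to run a whole script as the console user from a root context, with the "nobody is logged in" guard that the one-liners in this thread leave out. This is an added example, not code from any poster here. `launchctl asuser` is not mentioned in the thread and is assumed available (macOS 10.10 or later); the function names and the rejected-name list are this example's own.

```shell
#!/bin/bash
# Added example (not from the thread): run a command as the console user from root.

# Owner of /dev/console, as suggested in the thread (BSD/macOS stat syntax).
console_user() {
    /usr/bin/stat -f "%Su" /dev/console 2>/dev/null
}

# Succeeds only for a name that is safe to treat as a logged-in user.
is_usable_user() {
    case "$1" in
        # Empty: lookup failed. root: owns /dev/console when nobody is logged
        # in. _mbsetupuser: Setup Assistant account, not a real user.
        ""|root|_mbsetupuser) return 1 ;;
        # Anything outside plain short-name characters is rejected.
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Usage: run_as_console_user <command> [args...]
run_as_console_user() {
    local user uid
    user=$(console_user)
    if ! is_usable_user "$user"; then
        echo "No usable console user (got '${user}'); refusing to run." >&2
        return 1
    fi
    uid=$(/usr/bin/id -u "$user") || return 1
    # launchctl asuser (assumption: macOS 10.10+) runs the command in that
    # user's launchd bootstrap context; sudo -u drops from root to the user.
    # Arguments are passed through as-is, never re-parsed by a shell.
    /bin/launchctl asuser "$uid" /usr/bin/sudo -u "$user" "$@"
}

# Stand-alone use, as root:
#   ./run_as_user.sh /bin/bash /Library/Scripts/mount_at_login.sh
if [ "$#" -gt 0 ]; then
    run_as_console_user "$@"
fi
```

Without the guard, a policy that fires at the login window resolves the console owner to root, and `su "$user" -c ...` then runs the payload with full privileges instead of failing.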
SOLVED Posted: by kahuna

@pvader same here, jamf ever answer your needs from 2014? If not, what tool are you using?

SOLVED Posted: by ToriAnneke

Hi.. I am no longer working in IT.. sorry, can't help you!
xoxoxo

SOLVED Posted: by Nix4Life

@kahuna

take a look at outset. it's what most are using
