Categories
Mac admin'ing

Running commands as a user when scripting for Munki or Jamf

Munki and Jamf run as root, so scripts they execute execute as root, not user.

One great way around this is to use Outset‘s login scripts (login-once, login-every), but sometimes you may have occasion to actually run a script immediately as the logged-in user.

Obviously, you’ll want to get the currently logged-in user into a variable you can use—several methods for that are described in How To: Get the currently logged in user, in a more Apple approved way—and you’ll want to watch out for the “logged in user” being _mbsetupuser, root, or just blank.

Then, you can use su to substitute a user identity:
/usr/bin/su -l "$loggedInUser" -c "commandyouwanttorunastheuser"

This is kind of a hack, so whether you’re using this as a postinstall_script in a Munki nopkg or a script that a Jamf policy is calling, you’ll definitely want to thoroughly test it to make sure it does what you want it to do

Leave a Reply

Your email address will not be published. Required fields are marked *