Tag Archive

Scripting changing user icons: dsimport prompts for password in zsh

Posted on November 11, 2020 by alanysiu

2 June, 2021 Update

Special shoutout to Armin Briegel for pointing out that the zsh version runs just fine if you use a different variable name from USERNAME.

I’ve tried it with USERACCOUNT instead, and I’ve confirmed it works fine with zsh.

Original Post

Apple is moving toward making zsh the default shell instead of bash, and it may even eventually remove bash completely from being preinstalled on macOS.

So lots of Mac admins are working to revise scripts from bash to zsh.

Last year, I blogged about Scripting changing the user picture in macOS and referenced this script in particular, which works wonders… that is, unless you try to switch it to zsh.

If you run it as is (using bash), it changes the user picture just fine:

dscl . delete /Users/username JPEGPhoto
dscl . delete /Users/username Picture
userpic.sh username /Library/User\ Pictures/Animals/Zebra.tif

Successfully imported users picture.

If you switch it to zsh, though, it gets a “permission denied” error and then prompts for the password of the user whose picture you’re trying to change:

dscl . delete /Users/username JPEGPhoto
dscl . delete /Users/username Picture
userpic.sh username /Library/User\ Pictures/Animals/Zebra.tif

/usr/local/bin/userpic.sh:16: permission denied: /Library/Caches/username.picture.dsimport
username's password:


Running commands as a user when scripting for Munki or Jamf

Posted on March 11, 2020 by alanysiu

Munki and Jamf run as root, so the scripts they execute run as root, not as the user.

One great way around this is to use Outset’s login scripts (login-once, login-every), but sometimes you may have occasion to actually run a script immediately as the logged-in user.

Obviously, you’ll want to get the currently logged-in user into a variable you can use—several methods for that are described in How To: Get the currently logged in user, in a more Apple approved way—and you’ll want to watch out for the “logged in user” being _mbsetupuser, root, or just blank.

Then, you can use su to substitute a user identity:
/usr/bin/su -l "$loggedInUser" -c "commandyouwanttorunastheuser"

This is kind of a hack, so whether you’re using this as a postinstall_script in a Munki nopkg or a script that a Jamf policy is calling, you’ll definitely want to thoroughly test it to make sure it does what you want it to do.
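
The su approach above with the “logged in user” guard made explicit, as an added example in POSIX sh that is not code from the original post. The function names, the /dev/console lookup, and the two extra name checks are assumptions; the post itself only names _mbsetupuser, root, and blank.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# One common lookup: the owner of /dev/console (BSD stat syntax, macOS only).
get_console_user() {
    /usr/bin/stat -f%Su /dev/console 2>/dev/null
}

# Succeed only for a name that is safe to hand to su from a root context.
is_usable_console_user() {
    case "$1" in
        ""|root|_mbsetupuser) return 1 ;;  # the three cases the post warns about
        -*) return 1 ;;                    # assumption: su would parse this as an option
        *[!A-Za-z0-9._-]*) return 1 ;;     # assumption: short names use only these characters
    esac
    return 0
}

# run_as_console_user USER COMMAND
# Refuses to call su unless USER passes the check above.
run_as_console_user() {
    if [ "$#" -ne 2 ]; then
        echo "usage: run_as_console_user USER COMMAND" >&2
        return 2
    fi
    if ! is_usable_console_user "$1"; then
        echo "no usable logged-in user ('$1'); not running: $2" >&2
        return 1
    fi
    /usr/bin/su -l "$1" -c "$2"
}

# Only acts on macOS as root, the context Munki and Jamf scripts run in.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    # Deliberately not named USERNAME: zsh treats that as a special parameter
    # tied to the shell's own user identity (see the dsimport post above).
    loggedInUser=$(get_console_user)
    run_as_console_user "$loggedInUser" '/usr/bin/id -un'
fi
```

Refusing to run is the safe default here: with a blank or root “user”, the command would otherwise execute with root's identity and environment instead of the intended user's.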