Execute macOS scripts as Defined User

Description

By default, the FileWave Client executes scripts and tasks with elevated permissions (root on macOS). The below shows a method to launch a command as an alternate user when ran through FileWave.

Ingredients

Text editor
FileWave Central

Directions

The sudo command may be used to define a user to run a command. Launchctl may also be used to define a user. In some instances only one of these options may be successful. However, both may be defined in the same command at the same time, increasing the chances of success.

The below method not only shows a method to define the user, but grabs the current 'console' user.

#!/bin/zsh
current_user=$(stat -f%Su /dev/console)
current_user_id=$(id -u $current_user)

whoami

launchctl asuser $current_user_id sudo -u $current_user whoami

When ran through FileWave, the output of the above will show the output of the 'whoami' command has altered, by first echoing the root username and then the name of the active console user of the device.

If the current user logged in where 'sholden', the output should show:

root
sholden

Execute macOS scripts as Defined User

Execute Powershell Scripts as Defined User

macOS 10.15+ and zsh shell for scripting

Referencing Launch Arguments in Scripts

Script Best Practices

Scripting Languages supported in FileWave

Using PsExec to Test PowerShell 32bit Scripts on Windows with FileWave

Apple MDM Troubleshooting

Backup Procedures for FileWave Hosted Servers

FileWave Error Codes

FileWave Log File Locations

How to Restart FileWave Components

Resolving Network Issues with FileWave Server or Boosters on macOS when using Carbon Black EDR Extension

What is Compatibility Mode?

FileWave Automation Scripts

Execute macOS scripts as Defined User

Description

Ingredients

Directions

No Comments