[Casper] run script as different user?

Jeremy Matthews jeremymatthews at mac.com
Wed Aug 20 10:42:12 PDT 2008 

Er....lemme back up.

We would bind a mac to OD, and then it would show up in WGM under  
computers. This is the way its worked since about 10.3 - works fine in  
10.4. We don't create computer records - OD does that for us during  
the binding process.

No computer records evident...

Thanks,
j


On Aug 20, 2008, at 1:39 PM, Miles Leacy IV wrote:

> OD doesn't discover computers.  You need to create the records in  
> the directory (using Workgroup Manager, typically) in order for them  
> to appear in Workgroup Manager.
>
> Were the computer records created in OD, and now they're missing?
>
> On Wed, Aug 20, 2008 at 1:36 PM, Jeremy Matthews <jeremymatthews at mac.com 
> > wrote:
> Yep - we have similar scripts and those work...I think something in
> the master_setup script is destroyed, and I'll have to check on the
> whole security daemon...it looks for and attempts to disable and files
> that are created within 1 minute of login (excepting LoginHooks and
> LaunchAgents).....weird, I know....
>
> The problem isn't binding macs to OD - its that the 10.5 Server cannot
> "see" them - nothing shows up in its list of computers.
> At. All.
>
> That is, except itself "$www.myserver.com"
>
> If anyone has insight there....I'm open.
>
> -j
>
>
> On Aug 20, 2008, at 1:31 PM, Thomas Larkin wrote:
>
> > Well, what about this
> >
> > #!/bin/sh
> >
> > #write settings to plist
> >
> > /usr/sbin/defaults wite /Users/*/Library/Preferences/
> > com.panic.Transmit3 SerialNumber 333-333-333-333
> >
> > #now set ownership and permission
> >
> > /bin/chmod -777 /path/to/plist
> >
> > #now set ownership
> >
> > /usr/sbin/chown -R user:group /path/to/plist
> >
> > For your OD issues I have a script that works for 10.4.11 and 10.5
> > and I use it in my environment to unbind and rebind servers in OD.
> >
> > http://tlarkin.com/tech/shell-script-remove-clients-bindings-old-server-and-then-bind-them-new-directory-server
> >
> > Yeah my website sucks, I am learning CMS so go easy, and yes that
> > was a shameless plug
> >
> > Thomas Larkin
> > TIS Department
> > KCKPS USD500
> > tlarki at kckps.org
> > cell:  913-449-7589
> > office:  913-627-0351
> >>>> Jeremy Matthews <jeremymatthews at mac.com> 08/20/08 12:23 PM >>>
> > Thomas,
> >
> > We used a wild card...or at last, what I thought was a wild card:
> > ----
> > for i in $( ls /Users )
> > do
> > defaults write /Users/$i/Library/Preferences/com.panic.Transmit3
> > SerialNumber 333-333-333-333
> > done
> > ----
> >
> > Unfortunately, this runs as root, so permissions get horked, etc. As
> > soon as the users launches the app (Transmit, in this case), the  
> "bad"
> > file gets overwritten. So, we still need to run another script to
> > repair permissions on said file.
> >
> > I get the whole composer thing - right now we're tied to  
> packagemaker
> > - per policy for this environment everything has to be a package/
> > metapackage. Its messy, I know. Try reverse-engineering CS3
> > installs...when Casper can nicely handle that for you. Plus,  
> composer
> > wants to diff the whole disk still...while something like LanRev can
> > watch specific directories...a lot faster when you know where things
> > will be installed.
> >
> > Love to get OD finished - but until some issues are resolved its a  
> no-
> > go. We pushed out MCX stuff before...hopefully that will be our path
> > in about 3 months. But not today, sadly.
> >
> > Thanks,
> > j
> >
> > On Aug 20, 2008, at 12:35 PM, Thomas Larkin wrote:
> >
> >> Well,
> >>
> >> I still don't know what exactly you are trying to accomplish but I
> >> can still give you a few pointers
> >>
> >> using a wild card in a script will apply to all users
> >>
> >> default write <insert bash commands, code, etc> /Users/*/path/to/
> >> plist
> >>
> >> the above is an out of syntax quick and dirty example.  The * is  
> the
> >> wild card
> >>
> >> Composer will capture any modifications you make to a file.  To  
> just
> >> give you an example, we have some old legacy netware file shares
> >> that only support plain text passwords.  By default AFP does not
> >> allow this.  So, I had to edit the AFP plist file to allow plain
> >> text passwords.  Before I did, I took a snap shot, then edited the
> >> file and took another snap shot and it picked up that I modified
> >> that plist file.  I then created a policy that pushes that plist
> >> out, and since composer took a snap shot of where that file goes as
> >> well, it runs as a root process and overwrites the original file
> >> with my new one that allows for plain text passwords.  This is
> >> easier in my opinion that writing a script to add the settings,
> >> especially when it comes to testing.  You can modify ownership and
> >> everything and Composer will keep those settings you set, convert  
> it
> >> to a dmg file and then you can toss it in Casper Admin, and then  
> set
> >> a policy in the JSS and you are done.
> >>
> >> Then under /System/Library/UserTemplates/English.lproj, you can set
> >> up templates so that whenever a user account is created it will use
> >> that template as the default settings.  Place that plist file in  
> the
> >> template and it should replicate out to every user.
> >>
> >> I suggest you get your Open Directory running and enforce things by
> >> group policy, it is a much nicer and easier way of managing the  
> OS X
> >> clients.
> >>
> >>>>> Jeremy Matthews <jeremymatthews at mac.com> 08/20/08 11:14 AM >>>
> >> Tried applying to all users - the file is created, but I then  
> have to
> >> go in a muck around with ownership - or else it gets overwritten  
> when
> >> certain apps are launched and cannot find a valid plist. If I try  
> to
> >> return the session user during an installation, it is usually root.
> >>
> >> Our 10.5 server is working, but clients are not binding properly,  
> so
> >> MCX attributes are out - unless I want to push those out as well,  
> but
> >> pointless until it is set for production.
> >>
> >> It was my understanding that composer used packagemaker, and
> >> therefore
> >> during an "installation", runs as root - which brings me back to  
> the
> >> issue - script needs to run as a different user - without me asking
> >> the user to authenticate.
> >>
> >> Tried the tilde - didn't work.
> >>
> >> Config file sounds interesting....what is that about?
> >>
> >> Thanks,
> >> j
> >>
> >> On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote:
> >>
> >>> You can do this many ways.
> >>>
> >>> use a wild card and apply to all users
> >>>
> >>> enforce it from MCX if you are running Open Directory
> >>>
> >>> Use composer and take a snap shot of the modification and assign  
> it
> >>> to smart groups with in casper, then deploy
> >>>
> >>> set it up as a self service policy and use the ~/ for that users
> >>> plist
> >>>
> >>> set it in the (forgot the file path) configuration file that  
> pushes
> >>> out new user settings every time a user is created
> >>>
> >>> What exactly are you trying to do?
> >>>
> >>> Thomas Larkin
> >>> TIS Department
> >>> KCKPS USD500
> >>> tlarki at kckps.org
> >>> cell:  913-449-7589
> >>> office:  913-627-0351
> >>>>>> Jeremy Matthews <jeremymatthews at mac.com> 08/20/08 10:49 AM >>>
> >>> I want to write defaults to a plist for a user that won't get
> >>> horked.
> >>> Needs to be pre-created...
> >>>
> >>> Thanks,
> >>> jeremy
> >>>
> >>> On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote:
> >>>
> >>>> May I ask why you would want to do this?
> >>>>
> >>>> If you can script it, Casper can and will run it.  If we know  
> your
> >>>> higher goal perhaps we can better answer your question.
> >>>>
> >>>> Thomas Larkin
> >>>> TIS Department
> >>>> KCKPS USD500
> >>>> tlarki at kckps.org
> >>>> cell:  913-449-7589
> >>>> office:  913-627-0351
> >>>>>>> Jeremy Matthews <jeremymatthews at mac.com> 08/20/08 10:35 AM >>>
> >>>> Casper can run scripts against your box, but it does so as a root
> >>>> user
> >>>> - what if I want to run the script as a different user, such as  
> the
> >>>> one who is logged in - without prompting for a password (like  
> su-)?
> >>>>
> >>>> Thanks,
> >>>> j
> >>>> _______________________________________________
> >>>> Casper mailing list
> >>>> Casper at list.jamfsoftware.com
> >>>> http://list.jamfsoftware.com/mailman/listinfo/casper
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/d5ad7e49/attachment.html

More information about the Casper mailing list