[Casper] FUT, ownership, and permissions

Dorey, Dustin Dustin.Dorey at district196.org
Thu May 14 13:50:29 PDT 2009 

Sorry   ~/Library/LaunchAgents   as I wanted it to launch for each new AD user that was created at the time of their first login .    Some of our machines have more than one AD user on them.   And I really didn’t care if it got put in startup items for non AD users since it would then just display a diamond in the menubar.

The associated Applescript that it launches creates a login item for the logged in user as well and then removes the agent  ~/Library/LaunchAgents/com.isd19.login.plist .

 

-Dusty-

 

 

Dustin  Dorey

Technology Support Cluster Specialist

Independant School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

 

 

 

From: Thomas Larkin [mailto:tlarki at kckps.org] 
Sent: Thursday, May 14, 2009 3:39 PM
To: Dorey, Dustin; Casper List
Subject: Re: [Casper] FUT, ownership, and permissions

 

Where did you put the launchd item? 

 

/Library/LaunchAgents is for users at log in and will apply to all users 

 

/Library/LaunchDaemons is for system wide launchd items and are ran at boot 

 

~/Library/LaunchAgents are user specific launchd items and only launch when that specific user logs in.


___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351





>>> "Dorey, Dustin" <Dustin.Dorey at district196.org> 05/14/09 3:27 PM >>>

OK so here goes, 

I have this application that I want to use, it’s a Password Expiration Monitor that sits in the Menu Bar and displays the days until their password expires, also if you click on it the menu has a “change password” option and opens system prefs and takes them to the change password.    I like it, it makes our AD users lives a little easier.    The caveat is that if you just package and install it the user still has to launch the app and in it’s preferences set it to launch at login.    Not something I’d like to have them do when I’m trying to make their lives easier.    So I wrote an applescript that adds the app to their login items for them.  So then I wanted to find a way to trigger that applescript.   Launchd seemed a good way to go, so I created a User Agent with Lingon that launches the applescript (I also added a line to the applescript that deletes the Agent so it only runs the first time) 

  

Well as convulted as this sounds it worked well.   On a machine the first time a user logs in launchd sees the agent I created, which launches the applescript that adds the Password Monitor to the login items, and then deletes the Agent since it’s not needed anymore.   

  

The problem is when I build the package and select to Fill the User Template so AD users will get that launchd agent FUT sets the permissions to that user. 

For the agent to work it needs a very specific set of permissions and ownership.    Any ideas on how to override this or have I just gone off the deep?   I’m trying to avoid having a policy set to all of our AD bound machines since the number of policies is getting rather astronomical and if I could have everything contained in the app I’d be much happier.    

  

Is the answer a Dummy Receipt?   

J 

  

-Dusty- 

  

Dustin  Dorey 

Technology Support Cluster Specialist 

Independant School District 196 

Rosemount-Apple Valley-Eagan Public Schools 

dustin.dorey at district196.org 

651|423|7971 

  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090514/77e41cfa/attachment.html

More information about the Casper mailing list