[Casper] FUT, ownership, and permissions

Fri May 15 09:16:11 PDT 2009

When I got to work I looked again at my e-mails and saw that I said it 
LaunchDaemon. This would probably work but wouldn't be a good practice. 
You probably want a Launch Agent installed here: /Library/LaunchAgents

 From the Apple web site 
(http://developer.apple.com/documentation/Darwin/Reference/ManPages/man5/
launchd.plist.5.html):

/Library/LaunchAgents          Per-user agents provided by the 
administrator.
/Library/LaunchDaemons         System wide daemons provided by the 
administrator.

Let me know how this works out.

-Adam

-----Original Message-----
From: Dorey, Dustin <Dustin.Dorey at district196.org>
To: Adam Shepard <adamshep07 at aol.com>
Cc: Casper List <casper at list.jamfsoftware.com>
Sent: Fri, 15 May 2009 6:15 am
Subject: RE: [Casper] FUT, ownership, and permissions

Thanks for the idea, I’m going to try building it right now.  

I just had it stuck in my head to add the item to the user’s
login items and just kept going down that path, kind of stuck in a 
rut.  

BTW ever use lingon to build your agents, and daemons?  

Thanks again!

-Dusty-

Dustin  Dorey

Technology Support Cluster Specialist

Independant School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

From: Adam Shepard
[mailto:adamshep07 at aol.com]
=0
D
Sent: Friday, May 15, 2009 8:11 AM

To: Dorey, Dustin

Cc: Casper List

Subject: Re: [Casper] FUT, ownership, and permissions

Correct this is a daemon that we put here:
 /Library/LaunchDaemons/. This would also help you avoid having to use 
FUT
and an AppleScript which would be one less point of failure to have to
troubleshoot.

On May 15, 2009, at 5:49 AM, Dorey, Dustin wrote:

I’m assuming that this is a daemon and not a user agent, is that
correct?

-Dusty-

Dustin  Dorey

Technology Support Cluster Specialist

Independant School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

From: Adam
Shepard [mailto:adamshep07 at aol.com] 

Sent: Thursday, May 14,
2009 7:32 PM

To: Dorey, Dustin

Cc: Casper List

Subject: Re: [Casper] FUT,
ownership, and permissions

=0
D

We have an app that we load in the
menu bar that users can click on and get their local ethernet and 
airport IP
address'.  In order to launch this on all machines we use launchd. This
simply points to the application to launch and is also set with the 
KeepAlive
key set to true so that even if the user quits it, it relaunches.

Below is the launchd plist we use.

-Adam

Adam Shepard

Creighton School District Web
Developer / System Administrator [Office 602-381-6000][Cell 
602-319-8935]

&lt;?xml version="1.0"
encoding="UTF-8"?&gt;

&lt;!DOCTYPE plist PUBLIC
"-//Apple Computer//DTD PLIST 1.0//EN" 
"http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt;

&lt;plist version="1.0"&gt;

&lt;dict&gt;

 &lt;key&gt;Label&lt;/key&gt;

 &lt;string&gt;org.creightonschools.ip4me&lt;/string&gt;

 &lt;key&gt;KeepAlive&lt;/key&gt;

 &lt;true/&gt;

 &lt;key&gt;ProgramArguments&lt;/key&gt;

 &lt;array&gt;

 &lt;string&gt;/Applications/ip4me.app/Contents/MacOS/ip4me&lt;/string&gt
;

 &lt;/array&gt;

&lt;/dict&gt;

&lt;/plist&gt;

On May 14, 2009, at 1:27 PM,
Dorey, Dustin wrote:

OK so here goes,

I have this application that I want to use, it’s a Password
Expiration Monitor that sits in the Menu Bar and displays the days 
until their
password expires, also if you click on it the menu has a “change 
password”
option and opens system prefs and takes them to the change
password.    I
 like it, it makes our AD users lives a little
easier.    The caveat is that if you just package and install it
the user still has to launch the app and in it’s preferences set it to 
launch
at login.    Not something I’d like to have them do when I’m
trying to make their lives easier.    So I wrote an applescript
that adds the app to their login items for them.  So then I wanted to 
find
a way to trigger that applescript.   Launchd seemed a good way to go,
so I created a User Agent with Lingon that launches the applescript (I 
also
added a line to the applescript that deletes the Agent so it only runs 
the
first time)

Well as convulted as this sounds it worked well.   On a
machine the first time a user logs in launchd sees the agent I created, 
which
launches the applescript that adds the Password Monitor to the login 
items, and
then deletes the Agent since it’s not needed anymore. 

The problem is when I build the package and select to Fill the
User Template so AD users will get that launchd agent FUT sets the 
permissions
to that user.

For the agent to work it needs a very specific set of permissions
and owne
rship.    Any ideas on how to override this or have I
just gone off the deep?   I’m trying to avoid having a policy set to
all of our AD bound machines since the number of policies is getting 
rather
astronomical and if I could have everything contained in the app I’d be 
much
happier.  

Is the answer a Dummy Receipt?   J

-Dusty-

Dustin  Dorey

Technology Support Cluster Specialist

Independant School District 196

Rosemount-Apple Valley-Eagan Public Schools

dustin.dorey at district196.org

651|423|7971

_______________________________________________

Casper mailing list

Casper at list.jamfsoftware.com

http://list.jamfsoftware.com/mailman/listinfo/casper

=

=