Upload it to your MDM and give certain processes pre-approval.

For the full script description and details, view the scripting Jamf JNUC 2020 video. The best tool for this, he said, is the PPPC Utility profile creator or iAmazing profile tool. Sometimes creating a PPPC profile is necessary.

Briegel walked users through building an approval profile. Find alternative solutions such as using the Cocoa library or Briegel's own tool 'Desktoppr'. If you use a command that is not one of these four, the user will get a privacy dialog notification. The following Apple events don't require approval: AppleScript usually talks with other processes that are owned by the user, and Mac has protections against root-run processes.

Display Dialog/Notification scripts also need to be run as the user. For safety, run all osascripts as the user. These scripts generally need to run as the user. Briegel offered several scripts to address this issue. Many management tasks require root, but some must run as the user. This affects the script's behavior and what it can access. But if you launch the same script from Jamf or an installation script, it will be running as root. Scripts also inherit the user who is running the shell in Terminal. There's a slight risk you'll override built-ins (/bin/echo).

A better way of creating an environment you can be certain about is to create that environment at the beginning of your script. One solution around this uncertainty is to always use the full path to commands.

Downsides: there's more code to type and to read, and there's more to remember. The /usr/local/bin folder is not protected; it's meant to be a place for you to add functionality to the terminal, and because of that it might be unreliable for management. Universal PATH folders you can rely on: /bin /sbin /usr/bin /usr/sbin. The PATH environment variable will not be the same.

Depending on the environment, the default path will be different.
Data may be missing, which may lead to your script failing.

Do not assume these even exist: $USER, $HOME, $SHELL, $PWD. When you run the same script as a Jamf policy or installation script, the shell will have a different environment. Your script runs from this and inherits a certain environment. When you run in Terminal, all of this is built from configuration in your terminal application, but also from the shell config files you may have created or gotten from third parties. Each terminal gets its own instance and shell options, variables, aliases and functions. You write a script, it works in testing, and it stops working.

How the shell environment affects scripts

Armin Briegel, a Mac admin, consultant and author, walked JNUC 2020 participants through best practices when scripting for Jamf Pro.
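
The advice above on creating a known environment at the beginning of a script, sketched as an added example (not code from Briegel's talk or from Jamf). The function names and the sample PATH are constructed for illustration; the four trusted folders are the ones listed above.

```shell
#!/bin/sh
# Added example: pin a known environment before any management logic runs.

# The four universal folders listed above.
TRUSTED_PATH="/usr/bin:/bin:/usr/sbin:/sbin"

# Hypothetical helper: print each entry of a PATH string that is not one of
# the four trusted folders. An empty entry (leading, trailing or doubled
# colon) makes the shell search the current directory, so it is reported too.
untrusted_path_entries() (
    IFS=:
    set -f              # no filename expansion while splitting
    p="$1:"             # trailing colon keeps a final empty entry visible
    for entry in $p; do
        case "$entry" in
            /usr/bin|/bin|/usr/sbin|/sbin) ;;
            "") echo "(empty)" ;;
            *)  echo "$entry" ;;
        esac
    done
)

# Hypothetical helper: replace the inherited PATH and fill in USER, which a
# Jamf policy or installer script may start without.
init_env() {
    PATH=$TRUSTED_PATH
    export PATH
    USER=${USER:-$(id -un 2>/dev/null || id -u)}
    export USER
}

# Constructed sample: a PATH as an interactive Terminal session might build it.
SAMPLE_PATH="/usr/local/bin:/usr/bin:/bin::/usr/sbin:/sbin:/opt/homebrew/bin"
echo "Entries to distrust in the sample PATH:"
untrusted_path_entries "$SAMPLE_PATH"

init_env
echo "Running as ${USER} with PATH=${PATH}"
```

Logging the output of `untrusted_path_entries "$PATH"` before calling `init_env` shows which inherited folders a root-run script would otherwise have searched.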