FW: Run an application as another user not root
I never could get it to work by calling su or sudo but finally, after too many hours of tinkering, found a way to get this setup to fly. I ended up having the PackageMaker3 installer run this particular component and not require admin authentication, which in turn runs all the scripts as the local user instead of root and engages the applescript app which will do the wireless setup. However, there were several steps that require root access (turning on assistive devices, importing the certificate into the keychain, etc.), so I called those with do shell script commands with administrator privileges true. As part of my script, I was already having the user enter their password so that the applescript could automatically get through several authentication dialogs and I was already pulling their username with do shell script "echo $USER". So I had the pieces of the puzzle to put into the applescript.

Also realized that I was creating a second problem after trying to get around the run as user instead of root problem. There's an oddity to putting the certificate into the keychain and setting the trust values before you connect to a WPA2 wireless network on 10.5.3 (and maybe others). The keychain item that contains the username and password for the wireless network will not be created and stored in the login.keychain. Order apparently matters. Once I scripted the settings into the network/System Preferences and THEN put in the certificate and trust settings and THEN activated the wireless, and only then would it work. Now noticing an oddity with changing your password and it not sticking or loading into the keychain but instead displaying the 802.1X authentication dialog. On to the next problem.
For anyone possibly interested in using an automated method for setting up a WEP and/or WPA/WPA2 wireless network, I'll include the applescript here. I'm running this inside of a larger installer as a separate choice (dumping the contents to /tmp and running from there), but it could be run as a local user or tech as long as they have an admin account (we're going to be using this primarily with students). All that's needed is this applescript and the WPA wireless certificate, in my case, converted from .CER to .PEM. I also added some BigHonkingText displays to remind people *no touchy touchy* especially since there are several 5 second pauses at dialog boxes that I can't explain. If you make any use of this, let me know so that I can at least feel like some of the time I (and my helper) invested was worth something. Oh, and it only works on Leopard, didn't bother trying to get it to work on Tiger. I wish I could have accomplished this in a command-line method, but hit major brick walls with getting the certificate trust settings to stick, but at least this works. Still wish I could lock the keyboard and mouse/trackpad to ward off evil spirits.

    set CertName to "name_of_your_certificate"
    set WPANameString to "yourWPAnetwork"
    set WEPNameString to "yourWEPnetwork"
    set WEPPassString to "yourWEPpassword"
    set ClearClipboardString to "any bit of text to clear the clipboard"
    set theUser to (do shell script "echo $USER")

    -- this creates an entry in the system keychain, sets up the wireless connections and sets up permissions on the certificate
    try
        tell current application
            activate
            set acctBox to display dialog "Wireless Connection Setup: Please enter your wireless USERNAME (Ex. USERNAME@yourdomain.edu)" default answer "" buttons {"Cancel", "OK"} default button 2
            set myAcct to the text returned of acctBox
            set myButton to the button returned of acctBox
            -- (the RestartRoutine handler called below is not included in this post)
            if myButton is "OK" then
                if myAcct is not "" then
                    -- take the typed text, not the whole dialog result record
                    set myPass to the text returned of (display dialog "Please enter your wireless password:" default answer "" buttons {"Cancel", "OK"} default button 2 with hidden answer)
                    if myPass is not "" then
                        set myMacPassDialog to display dialog "Please enter your Mac/Apple password. (This is the password you used to start the installer)" default answer "" buttons {"Cancel", "OK"} default button 2 with hidden answer
                        set myMacPass to the text returned of myMacPassDialog
                    else
                        RestartRoutine()
                    end if
                else
                    RestartRoutine()
                end if
            else
                RestartRoutine()
            end if
            if myAcct contains "@" then
                set myAcct to text 1 through ((offset of "@" in myAcct) - 1) of myAcct
            end if
            set acctBox to display dialog "Click OK to install then please DO NOT TOUCH the keyboard or mouse/trackpad until wireless setup is complete!" buttons {"Cancel", "OK"} default button 2
            set myButton to the button returned of acctBox
            if myButton is "Cancel" then
                quit
            end if
        end tell

        -- MUST Turn off wireless
        do shell script "networksetup -setairportpower off" user name theUser password myMacPass with administrator privileges

        -- MUST Turn on Assistive Devices for script to run properly
        do shell script "sudo touch /private/var/db/.AccessibilityAPIEnabled" user name theUser password myMacPass with administrator privileges

        tell application "System Preferences"
            activate
            set the current pane to pane id "com.apple.preference.network"
            get the name of every anchor of pane id "com.apple.preference.network"
            reveal anchor "Advanced Airport" of pane id "com.apple.preference.network"
            tell application "System Events"
                tell application process "System Preferences"
                    -- Setup WPA2 network
                    do shell script "/tmp/yourfolder/BigHonkingText -M -p 2 -b orange \" Please DO NOT TOUCH, be patient. \""
                    click button 1 of group 1 of tab group 1 of sheet 1 of window "Network"
                    set the clipboard to WPANameString
                    click text field 1 of group 1 of window 1
                    keystroke "v" using {command down}
                    click pop up button 1 of window 1
                    click menu item "WPA2 Enterprise" of menu 1 of pop up button 1 of window 1
                    delay 1
                    click pop up button 2 of window 1
                    click menu item "Automatic" of menu 1 of pop up button 2 of window 1
                    delay 1
                    set the clipboard to myAcct
                    click text field 1 of window 1
                    keystroke "v" using {command down}
                    delay 1
                    set the clipboard to myPass
                    keystroke tab
                    keystroke "v" using {command down}
                    delay 1
                    click button "Add" of window 1

                    -- Setup WEP network
                    do shell script "/tmp/yourfolder/BigHonkingText -M -p 2 -b orange \" Please DO NOT TOUCH, be patient. \""
                    click button 1 of group 1 of tab group 1 of sheet 1 of window "Network"
                    set the clipboard to WEPNameString
                    click text field 1 of group 1 of window 1
                    keystroke "v" using {command down}
                    click pop up button 1 of window 1
                    click menu item "WEP Password" of menu 1 of pop up button 1 of window 1
                    set the clipboard to WEPPassString
                    keystroke "v" using {command down}
                    delay 1
                    click button "Add" of window 1
                    click button "OK" of sheet 1 of window "Network"
                    keystroke myMacPass
                    keystroke return
                    set the clipboard to ClearClipboardString
                    delay 2
                    click button "Apply" of window "Network"
                end tell
            end tell
        end tell

        -- Add the certificate to the keychain
        do shell script "certtool i /path/to/your/certificate/tigernet.clemson.edu.pem k=/Users/$USER/Library/Keychains/login.keychain" user name theUser password myMacPass with administrator privileges

        -- Setup permissions on the certificate
        tell application "Keychain Access"
            activate
            tell application "System Events"
                tell application process "Keychain Access"
                    delay 2
                    keystroke CertName
                    keystroke tab
                    keystroke tab
                    keystroke tab
                    keystroke "i" using {command down}
                    delay 1
                    click checkbox 1 of scroll area of window "name.of.your.certificate"
                    delay 1
                    click pop up button 4 of scroll area of window "name.of.your.certificate"
                    keystroke "a"
                    keystroke return
                    delay 0.5
                    click pop up button 10 of scroll area of window "name.of.your.certificate"
                    keystroke "a"
                    keystroke return
                    delay 0.5
                    do shell script "/tmp/yourfolder/BigHonkingText -M -p 2 -b orange \" Please DO NOT TOUCH, be patient. \""
                    click button 1 of window "name.of.your.certificate"
                    keystroke myMacPass
                    keystroke return
                    delay 1
                    tell application "Keychain Access" to quit
                end tell
            end tell
        end tell

        -- Connect to wireless
        do shell script "networksetup -setairportpower on"
        delay 1
        tell application "System Preferences" to quit
        display dialog "Wireless Setup Is Complete! Please click the 'OK' button." buttons {"OK"} default button 1
    on error
        display dialog "Wireless setup failed! Please call Jenny at 867-5309 for more help."
    end try

--
Bryan S. Lee
Information Resource Consultant II
Computer Support Services
Clemson Computing and Information Technology
Clemson University
bl@clemson.edu
ACHDS 10.4, MCP NTS/NTW

------ Forwarded Message
From: henri <henri@stmargarets.school.nz>
Date: Wed, 4 Jun 2008 18:34:39 -0400
Subject: Re: Run an application as another user not root

I have seen problems using 'su' command when combined with the '-c' option on Mac OS 10.5.x. I have only had problems with 'su' intermittently and only when using 'su' in a login script. I would recommend the use of 'sudo' over 'su' for Mac OS 10.5 and greater. Moving to 'sudo' certainly fixed the issues which I was experiencing with a login hook. Hope this helps.

Kind regards,
Henri

On 4/06/2008, at 8:29 AM, Bryan S. Lee wrote:
I'm wrestling with having an Applescript App engage by a postscript in PackageMaker 3. It will run fine except that it is running as root (due to being started by the installer script) and there are certain steps in the process that deal with Keychains and System Preferences (attempting to automatically setup multiple wireless connections) that require it be run as the current user.
I've tried a couple of things and either can't get it to work correctly or only partially work (which is more confusing).
I've tried running my script as all of the following:
open /tmp/fakename/fakename/setupwireless.app (runs as root as far as I can tell and won't show the login.keychain in Keychain access)
su ${USER} -c /tmp/fakename/fakename/setupwireless.app (again, runs as root)
osascript -e "do shell script \"open /tmp/fakename/fakename/setupwireless.app\" administrator privileges true" (works for showing the correct login.keychain in Keychain access, but won't actually put the password keychain item for the wireless setup, created by sys prefs into the correct keychain for the local user)
su ${USER} -c osascript -e "do shell script \"open /tmp/clemson/cuwireless/setup_cu_wireless.app\" administrator privileges true" (get an interesting error about not being able to get to the keychain and wants to reset to defaults)
Any ideas or other methods to try and run this particular app as the user rather than root would be appreciated.
-- Bryan S. Lee Information Resource Consultant II Computer Support Services Clemson Computing and Information Technology Clemson University 864-656-3716 bl@clemson.edu
ACHDS 10.4, MCP NTS/NTW
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (Installer-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/henri%40stmargarets.school.nz
This email sent to henri@stmargarets.school.nz
------ End of Forwarded Message
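Added example, not code from the thread: a guarded form of the `sudo`-instead-of-`su` suggestion for an installer script that runs as root and launches an app unpacked under /tmp. The function names are hypothetical, and the helper assumes the payload was unpacked by the account running the script; it only switches the Unix account and vets the payload, and does not address the keychain behaviour described in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread; function names are hypothetical.

# Accept only an existing, non-root account whose name is made of safe
# characters (a leading "-" would otherwise be read as an option).
valid_target_user() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$uid" -ne 0 ]
}

# The payload sits under /tmp, so refuse it if it is a symlink, is not owned by
# the account running this script (assumption: the installer unpacked it), or
# has anything group- or world-writable in its tree.
payload_is_private() {
    [ -e "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    [ -z "$(find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Launch the app as the target user with sudo; arguments are passed as separate
# words, never through a "-c" string. DRY_RUN=1 prints the command instead.
run_as_user() {
    user=$1
    app=$2
    valid_target_user "$user" || { echo "refusing user: $user" >&2; return 2; }
    payload_is_private "$app" || { echo "refusing payload: $app" >&2; return 3; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'sudo -u %s /usr/bin/open %s\n' "$user" "$app"
    else
        sudo -u "$user" /usr/bin/open "$app"
    fi
}

# Typical call from an installer script running as root:
#   run_as_user "$USER" /tmp/yourfolder/setupwireless.app
```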