Intro.
Previously I have written a few posts around using DEPNotify, which is still a great tool with loads of uses if you put your mind to it. However there is now a new challenger in the user display arena, Octory, and I’ve been exploring its uses for a while now.
disclaimer: I don’t work for the authors or get anything for this, I just like what it can do.
There is one codebase for Octory but more features if you license the Pro version. One of those is a built in helper to run things as root because Octory runs as the user, in the same way as DEPNotify.
But what if you want to do some root process from an Octory user GUI?
A bit of background?
I had an idea of building a tool to elevate a user to admin for a set time and in my first version I used Octory for the user GUI but ran the controlling script from Jamf Self Service, meaning that the script was already running as root and this launched Octory as the user using a sudo user switch;
sudo -u ${LOGGEDINUSER} open -a "/Library/Application Support/Octory/Octory.app/Contents/MacOS/Octory" --args --config mycustom.plistSo when the user responded to the question on the form Octory wrote its output file and the rest of the process ran as root, which is pretty much the way many other processes work.
Then someone asked me, “how does it work if they are offline?”… well of course it doesn’t really so time to rethink and write V2.
V2 time
So how could I get a constantly running user level process to run a root level action?
Firstly I switched Octory to Menubar mode, so it could be launched at login by a LaunchAgent, which runs it as user level.
A LaunchDaemon has been configured that monitors for the Octory output file, which is confusingly called Input in the settings.
This LaunchDaemon is configured to:
- set to always keep running, Keepalive.
- monitors for the file creation, PathState.
- Runs the script, ProgramArguments.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KeepAlive</key> <dict> <key>PathState</key> <dict> <key>/var/tmp/adminelevation.plist</key> <true/> </dict> </dict> <key>Label</key> <string>com.elevate.start</string> <key>OnDemand</key> <true/> <key>ProgramArguments</key> <array> <string>/Library/Management/Scripts/elevate.sh</string> </array> </dict> </plist>
This script can then tidy up the trigger file, kill Octory then relaunch it, as shown previously, or not depending on your needs.
So it’s really simple to make the free version of Octory run a process as root based on user input to its many available interaction types.
MontysMacMusings 