The Addigy agent runs as the root user on each device, so any scripts run through the Devices or Policies sections of Addigy will need special consideration if they have to write to user-level accounts and files.
Addigy provides a very simple command-line utility for executing scripts as a particular user:
/Library/Addigy/user-job
You can see the usage instructions for the user-job command by executing it without any flags:
/Library/Addigy/user-job
-all
Runs the job as all users for this device.
-continue-on-error
Continues running the command on all users even if one fails. Error will be printed to console. Must be used with --all flag.
-run
Runs a user job. Must be used with the flag --all or --user.
-user string
Runs the job as the specified user.
-v Prints the current version.
To use this in a script, add the "-user" flag followed by the username the script should run as, then the "-run" flag followed by the command to be executed.
Note: The user-job runs from the user's home directory; all paths to files referenced in the user job script should be absolute.
User Job Example
The below command demonstrates changing a user-level setting by combining the "user-job" and "defaults write" commands.
/Library/Addigy/user-job -user kurtrussell -run defaults write com.apple.user-level-preference some-setting
You can combine this with a code snippet that grabs the current user to create a more generic script that will run for the currently logged in user:
#!/bin/bash
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
/Library/Addigy/user-job -user "$loggedInUser" -run defaults write com.apple.some-user-settings another-setting
The first command stores the currently logged-in user account to the variable loggedInUser. This command comes from MacAdmin Erik Berglund's article: Script Tip: Get the currently logged in user, in Bash
When we insert this variable into our "user-job" command, we can change this setting across all currently logged-in users in an entire policy or organization without having to know their usernames.
Taking this one step further, we can add the "-all" and "-continue-on-error" flags to generalize our script even for users who aren't currently logged in.
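The lookup above prints nothing when the login window owns the console, so a script run by the root-level agent should check the value before handing it to "-user". The sketch below is an added example, not Addigy's code; the function names and the sample scutil output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not Addigy's code. Function names below are hypothetical.
USER_JOB="/Library/Addigy/user-job"

# Constructed sample of "show State:/Users/ConsoleUser" output for the dry run.
SAMPLE_SCUTIL='<dictionary> {
  GID : 20
  Name : kurtrussell
  UID : 501
}'

# Read scutil output on stdin and print the console user's short name.
# Prints nothing when the login window owns the console.
console_user_from_scutil() {
  awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Return 0 only for a name that is safe to pass to "-user".
valid_target_user() {
  case "$1" in
    ""|root|loginwindow|_*|-*) return 1 ;;  # nobody, root, service account, or flag-like
    *[!A-Za-z0-9._-]*) return 1 ;;          # unexpected characters
  esac
  return 0
}

# Run "$@" as the console user, or skip cleanly when there is no eligible user.
run_as_console_user() {
  local user
  user=$(printf 'show State:/Users/ConsoleUser\n' | scutil | console_user_from_scutil)
  if ! valid_target_user "$user"; then
    echo "No eligible console user (got '$user'); nothing changed." >&2
    return 0
  fi
  "$USER_JOB" -user "$user" -run "$@"
}

if [ -x "$USER_JOB" ] && command -v scutil >/dev/null 2>&1; then
  # On a managed Mac: same setting as the script above.
  run_as_console_user defaults write com.apple.some-user-settings another-setting
else
  # Elsewhere: dry run against the constructed sample.
  user=$(printf '%s\n' "$SAMPLE_SCUTIL" | console_user_from_scutil)
  valid_target_user "$user" && echo "would run: $USER_JOB -user $user -run defaults write com.apple.some-user-settings another-setting"
fi
```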
/Library/Addigy/user-job -all -continue-on-error -run defaults write com.apple.finder CreateDesktop -bool FALSE
killall -HUP Finder
This simple script stops icons from displaying on the desktop. It's not an impressive setting to change, but it helps demonstrate the power of the /Library/Addigy/user-job tool.