The Addigy agent runs as the root user on each device, so any scripts run through the Devices or Policies sections of Addigy will need special consideration if they have to write to user-level accounts and files.

Addigy provides a very simple command-line utility for executing scripts as a particular user: /Library/Addigy/user-job

You can see the usage instructions for the user-job command by executing it without any flags...   

      Runs the job as all users for this device.
      Continues running the command on all users even if one fails. Error will be printed to console. Must be used with --all flag.
      Runs a user job. Must be used with the flag --all or --user.
  -user string
      Runs the job as the specified user.
  -v  Prints the current version.

For implementing this into a script, simply add the "-user" flag followed by the username you would like to execute the script, and the "-run" flag command to be executed. For example:

/Library/Addigy/user-job -user kurtrussell -run defaults write some-setting

The above command demonstrates changing a user-level setting by combining the "user-job" and "defaults write" commands.

You can combine this with a code snippet that grabs the current user to create a more generic script which will run for the currently logged in user:

loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
/Library/Addigy/user-job -user $loggedInUser -run defaults write another-setting

The first command stores the currently logged in user account to the variable loggedInUser. This snippet comes from Mike "Frogor" Lynn and Ben Toms, well-known MacAdmins. You can find Toms' arcticle on this snippet on his site here: [MacMule] "HOW TO: GET THE CURRENTLY LOGGED IN USER, IN A MORE APPLE APPROVED WAY".

When we insert this variable into our "user-job" command. Now we can change this setting across all currently logged in users in an entire policy or organization without having to know their usernames.

Taking this one step further, we can add the "-all" and "-continue-on-error" flags to generalize our script for even users that aren't currently logged in.

/Library/Addigy/user-job <strong>-all -continue-on-error</strong> defaults write CreateDesktop -bool FALSE
killall -HUP Finder

 This simple script disables icons from displaying on the desktop. It's not an impressive setting to change, but it helps demonstrate the power of the /Library/Addigy/user-job tool.