Still have problems running scripts on a limited account…

I thought I had licked this, but apparently not.

I can run scripts fine on a limited account as long as they don’t require administrative privileges; adding these breaks the script.

The following script works flawlessly in the Manager (administrative) account, but stops after the first “do shell script” command on the kiosk (limited) account.

try
	
	-- Cleans Folder and downloads kiosk profile
	do shell script "cd /Users/kiosk/Documents/kioskprofile; rm *htm*; rm kiosk; wget -r -l 1 -nd -np -A kiosk http://www.ourwebsite/kiosk/profile/"
	
	-- Copies kiosk file to proper folder and renames it to ".kiosk"
	do shell script "cp /Users/kiosk/Documents/kioskprofile/kiosk /Library/Preferences/Intego/ContentBarrier/Profiles/.kiosk" as "manager" password "manager_password" with administrator privileges
	
	-- Reboots the system
	tell application "System Events" to restart
	
on error -- do nothing
	
end try

Not sure if this means anything, but when I run the individual parts in the terminal, I get an error message saying something like “Sudo not allowed for user kiosk. This incident will be reported”.

Any help would be greatly appreciated…

Authentication usually runs through the “sudo” command (short for “super user do” but also a homonym for “pseudo” since it makes you a pseudo-root user).
From the unix man page for sudo:

Sounds to me that if you edited the sudoers file and added the kiosk account, you should be able to overcome this.

How comfortable are you with the unix-end of OS X?

Hope this helps.

I’ve looked at the sudoers file before, but I wasn’t sure what I should change. And can I edit the file in TextEdit, or does it need to be done in vi?

The man page for “sudoers” has a lot of info on how to edit it. It will take some digesting, but you should get what info you need from there.

That said, the first line of the sudoers file says, “This file MUST be edited with the ‘visudo’ command as root”.

Let us know how you make out with it.

If you’re trying to run that as the user manager, then you’re not doing it correctly. (Which is causing the script to be run by the current user [kiosk], who is not allowed to use sudo.)

From the StandardAdditions dictionary:

Try something like this:

do shell script "" user name "manager" password "manager_password" with administrator privileges

Our kiosks are running 10.3.2, and “user name” doesn’t seem to work. That’s why I’m using “as” instead.

Oh, ok. ‘User name’ was added in OS X 10.4. However, the ‘as’ behavior was added in OS X v10.3, and is still the cause of your problem.

As just specifies the type of data the do shell script command will return (text, unicode text, etc.).

In OS X 10.2.8 (Jaguar) you can only use with administrator privileges and password and I believe the same is true for Panther (10.3). Since you can’t specify user name, I assume the command uses root privileges, which should be plenty for anything you need to do.

I believe that is correct.

I believe ‘administrator privileges’ always uses sudo. However, by default only admins can use sudo; thus, the problem for Torajima is finding a way to run the script as someone who can use sudo.

OK, here’s what worked for me. I created a limited account (very limited, took away all rights to do anything except run Script Editor and TextEdit). From the master account I edited the sudoers file as follows:

(Note that for your use, the user “test” would be changed to “kiosk” and the grouping “TEST” can remain TEST or be changed to something else. The last line “test ALL=(BOSS)ALL” tells sudo “user test on ALL machines can run as BOSS ALL commands”)

Then I logged in as “test” and was able to run a script that looked like this:

do shell script "rm '/Users/test/Documents/another file.rtf'" with administrator privileges

So it seems that editing the sudoers file is your only option, but it DOES work to allow limited users higher privileges.

I didn’t add the “password” option, but that should be trivial at this point.

Thanks for the help guys! I’ll modify the script and try editing the sudoers file next week…
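
Added example, not from any poster in this thread: the rule quoted above, "test ALL=(BOSS)ALL", lets the limited account run every command as whatever BOSS resolves to. The Python check below flags such blanket grants in sudoers text and passes a rule scoped to one command. The sample file, the "BOSS = root" alias body and the scoped kiosk rule are constructed assumptions, and the parser handles only simple single-line rules.

```python
import re

# Constructed sample: the BOSS alias body and the scoped kiosk rule are
# assumptions; only "test ALL=(BOSS)ALL" is quoted in the thread.
SAMPLE_SUDOERS = """\
# sudoers (constructed sample)
Runas_Alias BOSS = root
Cmnd_Alias  KIOSK_PROFILE = /bin/cp /Users/kiosk/Documents/kioskprofile/kiosk /Library/Preferences/Intego/ContentBarrier/Profiles/.kiosk
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
test    ALL=(BOSS)ALL
kiosk   ALL=(BOSS) NOPASSWD: KIOSK_PROFILE
"""

ALIAS_RE = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")
TAG_RE = re.compile(r"^(?:(?:NOPASSWD|PASSWD|NOEXEC|EXEC)\s*:\s*)+")

def audit_sudoers(text, trusted=("root", "%admin")):
    """Return (user, runas, reason) for each blanket grant to an untrusted user."""
    aliases, specs = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = ALIAS_RE.match(line)
        if m:  # remember alias bodies so rules can be expanded later
            aliases[m.group(2)] = [v.strip() for v in m.group(3).split(",")]
            continue
        m = SPEC_RE.match(line)
        if m:  # (user, host, runas-or-None, command list)
            specs.append(m.groups())
    findings = []
    for user, _host, runas, cmds in specs:
        if user in trusted:
            continue
        cmds = TAG_RE.sub("", cmds.strip())  # drop NOPASSWD: and similar tags
        expanded = []
        for c in (c.strip() for c in cmds.split(",")):
            expanded.extend(aliases.get(c, [c]))
        if "ALL" in expanded:  # exact token, not a substring of a path
            targets = aliases.get(runas or "root", [runas or "root"])
            findings.append((user, ",".join(targets), "may run ALL commands"))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```

A command listed with arguments in sudoers is allowed only with exactly those arguments, which is why the scoped rule spells out both paths of the copy.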