I can run scripts fine on a limited account as long as they don’t require administrative privileges; adding these breaks the script.
The following script works flawlessly in the Manager (administrative) account, but stops after the first “do shell script” command on the kiosk (limited) account.
-- Cleans Folder and downloads kiosk profile
do shell script "cd /Users/kiosk/Documents/kioskprofile; rm *htm*; rm kiosk; wget -r -l 1 -nd -np -A kiosk [url=http://www.ourwebsite/kiosk/profile/]http://www.ourwebsite/kiosk/profile/"[/url]
-- Copies kiosk file to proper folder and renames it to ".kiosk"
do shell script "cp /Users/kiosk/Documents/kioskprofile/kiosk /Library/Preferences/Intego/ContentBarrier/Profiles/.kiosk" as "manager" password "manager_password" with administrator privileges
-- Reboots the system
tell application "System Events" to restart
on error -- do nothing
Not sure if this means anything, but when I run the individual parts in the terminal, I get an error message saying something like “Sudo not allowed for user kiosk. This incident will be reported”.
As just specifies the type of data the do shell script command will return (text, unicode text, etc.).
In OS X 10.2.8 (Jaguar) you can only use with admistrator privileges and password and I believe the same is true for Panther (10.3). Since you can’t specify user name, I assume the command uses root privileges, which should be plenty for anything you need to do.
OK, here’s what worked for me. I created a limited account (very limited, took away all rights to do anything except run Script Editor and TextEdit). From the master account I edited the sudoers file as follows:
(Note that for your use, the user “test” would be changed to “kiosk” and the grouping “TEST” can remain TEST or be changed to something else. The last line “test ALL=(BOSS)ALL” tells sudo “user test on ALL machines can run as BOSS ALL commands”)
Then I logged in as “test” and was able to run a script that looked like this:
do shell script "rm /Users/test/Documents/another file.rtf" with administrator privileges
So it seems that editing the sudoers file is your only option, but it DOES work to allow limited users higher privileges.
I didn’t add the “password” option, but that should be trivial at this point.