I can run scripts fine on a limited account as long as they don’t require administrative privileges; adding these breaks the script.
The following script works flawlessly in the Manager (administrative) account, but stops after the first “do shell script” command on the kiosk (limited) account.
try
-- Cleans Folder and downloads kiosk profile
do shell script "cd /Users/kiosk/Documents/kioskprofile; rm *htm*; rm kiosk; wget -r -l 1 -nd -np -A kiosk http://www.ourwebsite/kiosk/profile/"
-- Copies kiosk file to proper folder and renames it to ".kiosk"
do shell script "cp /Users/kiosk/Documents/kioskprofile/kiosk /Library/Preferences/Intego/ContentBarrier/Profiles/.kiosk" as "manager" password "manager_password" with administrator privileges
-- Reboots the system
tell application "System Events" to restart
on error -- do nothing
end try
Not sure if this means anything, but when I run the individual parts in the terminal, I get an error message saying something like “Sudo not allowed for user kiosk. This incident will be reported”.
Authentication usually runs through the “sudo” command (short for “super user do” but also a homonym for “pseudo” since it makes you a pseudo-root user).
From the unix man page for sudo:
Sounds to me that if you edited the sudoers file and added the kiosk account, you should be able to overcome this.
How comfortable are you with the unix-end of OS X?
If you’re trying to run that as the user manager, then you’re not doing it correctly. (Which is causing the script to be run by the current user [kiosk], who is not allowed to use sudo.)
From the StandardAdditions dictionary:
Try something like this:
do shell script "" user name "manager" password "manager_password" with administrator privileges
As just specifies the type of data the do shell script command will return (text, unicode text, etc.).
In OS X 10.2.8 (Jaguar) you can only use with administrator privileges and password and I believe the same is true for Panther (10.3). Since you can’t specify user name, I assume the command uses root privileges, which should be plenty for anything you need to do.
I believe ‘administrator privileges’ always uses sudo. However, by default only admins can use sudo; thus, the problem for Torajima is finding a way to run the script as someone who can use sudo.
OK, here’s what worked for me. I created a limited account (very limited, took away all rights to do anything except run Script Editor and TextEdit). From the master account I edited the sudoers file as follows:
(Note that for your use, the user “test” would be changed to “kiosk” and the grouping “TEST” can remain TEST or be changed to something else. The last line “test ALL=(BOSS)ALL” tells sudo “user test on ALL machines can run as BOSS ALL commands”)
Then I logged in as “test” and was able to run a script that looked like this:
do shell script ("rm " & quoted form of "/Users/test/Documents/another file.rtf") with administrator privileges
So it seems that editing the sudoers file is your only option, but it DOES work to allow limited users higher privileges.
I didn’t add the “password” option, but that should be trivial at this point.
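An added example, not written by any poster in this thread: a sudoers rule scoped to the single copy command from the first post's script, shown beside the broad form the last post describes. The alias name KIOSK_PROFILE_INSTALL is hypothetical, /bin/cp is assumed to be the full path of cp on the machine, and BOSS refers to an alias defined in the part of the sudoers file that is not shown on this page.

```sudoers
# Added example (constructed; not a poster's sudoers file).
# Edit with visudo so a syntax error cannot lock sudo out.

# Broad form, as the last post describes it with "test" changed to "kiosk".
# BOSS is an alias from the part of that file not shown on this page.
# It lets the kiosk account run every command as BOSS:
#   kiosk ALL=(BOSS) ALL

# Scoped form: one command with its exact arguments, taken from the
# first post's script. sudoers needs the full path to the binary.
# KIOSK_PROFILE_INSTALL is a hypothetical alias name.
Cmnd_Alias KIOSK_PROFILE_INSTALL = /bin/cp /Users/kiosk/Documents/kioskprofile/kiosk /Library/Preferences/Intego/ContentBarrier/Profiles/.kiosk

# kiosk may run only that command, as root. sudo compares the arguments
# literally, so any other source, destination or cp option is refused.
kiosk ALL = (root) KIOSK_PROFILE_INSTALL

# Caveat: the source file sits in a directory kiosk can write to, so this
# rule still lets kiosk choose the contents of the installed profile.
```

Check the file with `visudo -c` from the administrative account before logging out of it.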