kcrawford / dockutil

command line tool for managing dock items
http://patternbuffer.wordpress.com
Apache License 2.0

user NOT in sudoers after ADE #143

Open kiepenflicker opened 1 year ago

kiepenflicker commented 1 year ago

Hello,

I am facing a strange issue when using dockutil after a Business Manager enrollment. The dockutil binary tells me the user is not in the sudoers when modifying their own dock. The only fix, aside from elevating the logged-in user to admin, is to log out and log in again, or to restart the Mac. After that dockutil works as it should. I have seen this issue sporadically on Monterey 12.6+ and always on 13.0+.

The command causing the issue is the following. The error occurs with any dockutil command, with or without the --no-restart or path to the user profile.

/usr/local/bin/dockutil --remove "Calendar" --no-restart "/Users/testymctestface"

The log stream shows the following entries:

root@MAC ~ # log stream | grep -i dock                                                   
2023-01-23 15:10:10.271081+0100 0xcb69     Activity    0x73d60              9784   0    dockutil: (libsystem_info.dylib) Retrieve User by ID
2023-01-23 15:10:10.279603+0100 0xcb69     Activity    0x73d61              9784   0    dockutil: (libsystem_info.dylib) Retrieve User by Name
2023-01-23 15:10:10.415959+0100 0xcb69     Activity    0x73d62              9784   0    dockutil: (libsystem_info.dylib) Retrieve User by Name
2023-01-23 15:10:10.417535+0100 0xcb69     Activity    0x73d63              9784   0    dockutil: (libsystem_info.dylib) Retrieve Group by ID
2023-01-23 15:10:10.434837+0100 0xcb78     Default     0x0                  9786   0    sudo:  testymctestface : user NOT in sudoers ; TTY=ttys000 ; PWD=/Users/testymctestface ; USER=testymctestface ; COMMAND=/usr/bin/defaults import /Users/testymctestface/Library/Preferences/com.apple.dock.plist -
2023-01-23 15:10:10.484345+0100 0xcb69     Activity    0x73d64              9784   0    dockutil: (libsystem_info.dylib) Retrieve User by Name

ParanoidAndroid91 commented 1 year ago

I've given up on it now and simply use iMazing to create a Dock profile, deployed via Jamf Pro. Absolutely zero issues with that; it takes effect immediately while also enabling you to point at folders in the User area (such as Downloads and Documents) and it's so easy to make changes.

kiepenflicker commented 1 year ago

I have done some investigation and made the following observation:

Using the script I have "written", I could see that the function func consoleUser() returns the UserID in capital letters and the function func runningAsConsoleUser() in lowercase, when logged in after a DEP/ADE enrollment without restarting the Mac. After a logout and login, func consoleUser() returns the user in lowercase and dockutil works as desired.

The output of the script after a DEP/ADE enrollment without restart:

1 testymctestface
2 TESTYMCTESTFACE
3 TESTYMCTESTFACE

The output of the script after logout and login:

1 testymctestface
2 testymctestface
3 testymctestface

The script that I have executed with the Python from https://github.com/macadmins/python:

from Foundation import NSProcessInfo
from SystemConfiguration import SCDynamicStoreCopyConsoleUser

# 1: name of the user that owns this process
print("1 " + str(NSProcessInfo.processInfo().userName()))

# 2: console user as reported by the dynamic store (first element of the result)
username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]
print("2 " + str(username))

# 3: same value, mapped to "" when nobody is logged in at the console
username = [username, ""][username in [u"loginwindow", None, u""]]
print("3 " + str(username))

kiepenflicker commented 1 year ago

Changing in func consoleUser()

return SCDynamicStoreCopyConsoleUser(store, nil, nil) as String?

to

return (SCDynamicStoreCopyConsoleUser(store, nil, nil) as String?)?.lowercased()

and recompiling fixes the error. Is it possible to take it over in the next release?
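
An added example, not part of the thread and not dockutil's code: a small model of the identity check discussed above, showing why an exact name comparison sends the user's own command through sudo and how a lowercased or uid-based comparison avoids it. The `Identity` type, the function names, the `sudo -u` argv shape and the uid values are assumptions made for the illustration; the uid comparison relies on the fact that `SCDynamicStoreCopyConsoleUser` also reports the console user's uid.

```python
from collections import namedtuple

# Hypothetical model for illustration; these names are not dockutil's.
Identity = namedtuple("Identity", "name uid")
NO_CONSOLE_USER = (None, "", "loginwindow")  # same sentinels as the script in the thread


def by_exact_name(console, process):
    return console.name == process.name  # comparison that breaks on a case difference


def by_lowercased_name(console, process):
    return console.name.lower() == process.name.lower()  # analogue of .lowercased()


def by_uid(console, process):
    return console.uid == process.uid  # numeric IDs do not depend on spelling


def build_argv(console, process, command, same_user):
    """Return the argv to run: direct, or re-run as the console user via sudo."""
    if console.name in NO_CONSOLE_USER or same_user(console, process):
        return list(command)
    # Assumed shape, inferred from the sudo line in the log stream above.
    return ["sudo", "-u", console.name] + list(command)


# Constructed sample: names from the thread's output, uids invented for the example.
CONSOLE = Identity("TESTYMCTESTFACE", 501)  # dynamic store value after ADE, no re-login
PROCESS = Identity("testymctestface", 501)  # owner of the running process
OTHER = Identity("root", 0)                 # a genuinely different account
DEFAULTS = ["/usr/bin/defaults", "import",
            "/Users/testymctestface/Library/Preferences/com.apple.dock.plist", "-"]

if __name__ == "__main__":
    for check in (by_exact_name, by_lowercased_name, by_uid):
        print(f"{check.__name__:20} same user  -> {build_argv(CONSOLE, PROCESS, DEFAULTS, check)[0]}")
        print(f"{check.__name__:20} other user -> {build_argv(CONSOLE, OTHER, DEFAULTS, check)[0]}")
```

Both corrected comparisons still route a genuinely different account through sudo, so the change removes the false mismatch without widening who is treated as the console user.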

kcrawford commented 8 months ago

Thank you @kiepenflicker. Yes I will integrate your suggested fix.

kcrawford commented 7 months ago

This should be fixed in the 3.1.1 release. Please test and confirm here if you can. Thanks again @kiepenflicker