Category filter

Fix common issues while executing custom scripts on Mac

Case 1:

Unable to execute scripts. Argument values are not parsed as expected.

While executing the scripts, the argument values are not parsed to the corresponding variables used in the shell scripts. Hence, the scripts are not executed successfully.


Failed to parse the argument value as a single entity as it is enclosed in quotes when passed from the Hexnode portal.

For instance,

The shell script to add a user to the device:

And, if a value “Adam Johns” is passed as $1, it is not considered a single component but two different components, “Adam” and “John”. Hence, the values might not be parsed correctly.


Always enclose the argument value in single quotes if it contains two or more words separated by spaces while passing.

Case 2:

Running the Homebrew commands as scripts from the Hexnode portal generates the error “Running Homebrew as root is extremely dangerous and no longer supported. As Homebrew does not drop privileges on installation, you would be giving all build scripts full access to your system.”


By default, Hexnode executes the script command at the root level.


Homebrew commands need not be executed at the root level. In cases where you do not want specific commands to be run at the root level, you can explicitly execute them at the user level. The following command helps to get the logged-in details of the current user on the device:

currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

Include the above command on the script. Then proceeding with the necessary operation as the currentUser helps you run it at the given user level.

For example, the below command changes the default dock orientation of the given user to the value Left.

currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )

sudo -u "$currentUser" defaults write orientation left

Case 3:

Homebrew command raises the “Command not found” error.


There might be an issue with the Homebrew path variable.


Specify the full path (default location of Homebrew) for the path variable in the scripts.

For example:

Case 4:

When a Python script is executed on macOS devices, the error “Script execution failed. Verify the binary path and try again!” may be produced.


When choosing a script file to be executed, the Binary path field is auto-filled according to the format of the file. When a Python file is uploaded or selected from the Hexnode repository, /usr/bin/python is auto-filled as the binary path. This path may be insufficient in some instances.

Until macOS version 12.3, Macs used to have Python pre-installed in them. In later versions, Python has to be manually installed in order to execute a Python script on the device. But when installed manually, the binary path will be different.


Execute the following command to get the required binary path:

Re-execute the Python script after replacing the auto-filled Binary path with the output of this command.

python binary path

Case 5:

Executing the script generates the error “Script execution failed. Validate the script and try again!” and produces the output “Operation not permitted”.
Operation is not permitted for a script to delete a file


If the script attempts to access/modify the files and folders on the device, the Hexnode agent app on the device requires certain permissions to access them. Otherwise, the script execution can lead to the error “Script execution failed. Validate the script and try again!” and generate the output “Operation not permitted”.


You can grant the required permissions for the Hexnode agent app to access files and folders in the following ways:

  1. Use the Privacy Preferences policy from the portal

    You can grant permissions to the Hexnode agent app from the portal by deploying the Privacy Preferences policy.

    Here, you can grant permission to a specific folder (such as Desktop, Downloads, Documents, etc.) in which the file is present. Otherwise, you can grant permission to All files. To deploy a PPPC profile, follow these steps:

    1. Navigate to Policies > macOS > Privacy Preferences.
    2. Click on Add new preference.
    3. Click on Add new preference to configure privacy preferences

    4. Select Allow from the drop down for All files (or to the specific folder where the file is stored).
    5. Change the access to Allow for All Files

    6. Click on Select Apps.
    7. Click on Specify Bundle IDs/Path.
    8. Select Specify Bundle IDs or Path to select app using Bundle ID

    9. Select Identifier type as Path.
    10. Choose Path to specify the path and Code requirement for the app

    11. Provide Identifier as:
    12. /Library/Application Support/HexnodeMDM/hexnodeagentd

    13. Provide code requirement as:
    14. anchor apple generic and identifier "com.hexnode.hexnodeagentd" and (certificate leaf[field.1.2.840.113635.] /* exists */ or certificate 1[field.1.2.840.113635.] /* exists */ and certificate leaf[field.1.2.840.113635.] /* exists */ and certificate leaf[subject.OU] = BX6L6CPUN8)

    15. Enable the Validate code requirement checkbox. It statically validates the code requirement of the app.
    16. Enter the Identifier and Code requirement for the Agent app in provided fields

    17. Click Add to add the preference to the policy.
    18. The configured preferences are added for the Hexnode Agent app

    Deploy the policy to your target devices. You can execute the custom scripts successfully once the policy is associated.

  2. Modify the Security & Privacy preference on the device.

    You need to provide the Hexnode agent app with Full Disk Access to be able to modify files and folders. Follow these steps to grant access to the Hexnode agent app from the device.

    1. Navigate to System Preferences > Security & Privacy > Privacy > Full Disk Access.
    2. Open Security & Privacy in System Preferences

      Open Privacy tab

      Open Full Disk Access

    3. Click on the Lock Icon to make changes.
    4. Enter the Administrator’s username and password.
    5. Click on hexnodeagentd to grant full disk access.
    6. Hexnode Agent app granted with Full Disk Access

    Once the permission is granted, you can execute the custom script from your Hexnode portal.


    For devices running macOS 13.0 or above, navigate to System Settings > Privacy & Security > Full Disk Access to make changes.

  • Troubleshooting Guides